RDiff-Backup from a Windows machine to Linux

I wanted to backup user profiles a number of workstations onto a Linux machine.  The workstation are Windows machines and I’ve round RDiff-Backup to be a very robust and efficient too.  RDiff-Backup works much like RSync but where RSync is useful for making mirrors of directories RDiff-Backup will also give you generation of those mirrors to refer to.

One of my prerequisites for the backup is for there to be a minimal amount of configuration to need to be done to the workstations in order for them to backup their profile.  I don’t want to install any software or change any PATH variables.

What I ended up doing was downloading the Windows version of RDiff-Backup from here as well as the required Visual Studio files from here and finally a copy of Putty’s plink.exe from here.  I then saved/extracted all three into a folder in the “Program Files” directory called “rdiff-backup-1.2.8”.

Next I generated an RSA key pair using instructions from here.  And copied the id_rsa.pub to my Windows machine.  Using puttygen.exe which I downloaded from here I followed these instructions to turn the public half of my key into a .ppk file (without a passphrase so it would work in the script below).

I saved the .ppk file into the same directory as I’d saved the other files and ran the command below.

"C:\Program Files\rdiff-backup-1.2.8\rdiff-backup.exe" -v5 --print-statistics --exclude-symbolic-links --no-hard-links --exclude "C:/Users/smagee/AppData" --exclude "C:/Users/smagee/SMAGEE" --exclude "C:/Users/smagee/OneDrive" --exclude "C:/Users/smagee/OneDrive - SMAGEE" --remote-schema "plink.exe -i smagee-ubuntu.ppk %s rdiff-backup --server" "C:/Users/smagee" smagee@

The result was a successful RDiff-Backup.

You can also exclude directories using the example above.

I hope this helps.  I found the following site very helpful in putting the above together.

Improving on backing up with rsync






Create a self signed certificate and sign a PowerShell file

I believe some of the functionality from the commands below is only available in PowerShell v5 and newer.

Launch PowerShell and start by creating your code signing certificate.

New-SelfSignedCertificate -certstorelocation cert:\CurrentUser\my -dnsname "Sam Magee" -Type CodeSigningCert

This should generate a thumbprint, you’ll need this later.


66EWR4R0997G7UY9JRTY3J4IU5UI6LO2 CN=Sam Magee

Convert a plain text string (a secure password) into a secure string and then save the secure string into a variable.

$pwd = ConvertTo-SecureString -String "Password" -Force -AsPlainText

Export the pfx file, substitute the location, filename and thumbprint for your own

Export-PfxCertificate -Cert Cert:\CurrentUser\My\66EWR4R0997G7UY9JRTY3J4IU5UI6LO2E18F039BC -FilePath "D:\Sam’s-Cert.pfx" -Password $pwd

Export the crt file, substitute the location, filename and thumbprint for your own.  This is the file you will install on the machine you want to run your signed PowerShell code.

Export-Certificate -Cert Cert:\CurrentUser\My\66EWR4R0997G7UY9JRTY3J4IU5UI6LO2E18F039BC -FilePath "D:\Sam’s-Cert.crt"

Now that you have your PFX file exported, double click on it to reinstall it on this machine.  Install it for the Current User to overwrite the certificate we’ve just made.  When asked to fill in the “Import options” tick the following:

  • Enable strong private key protection.  You will be prompted every time the private key is used by an application if you enable this option
  • Mark the key as exportable.  This will allow you to backup or transport your keys at a later time.
  • Include all extended properties.

The top tick box will prevent malicious applications from being able to sign files as you.  The second will allow you to port your key to another machine if needed or if you wipe your machine.  The final option keeps the setting that tells the certificate to be a code signing certificate.

Get your code signing certificate from your cert volume.

$cert = @(Get-ChildItem Cert:\CurrentUser\My -codesigning)[0]

Sign the PowerShell file with the certificate.

Set-AuthenticodeSignature "D:\test.ps1" $cert