locked
Defrag during shutdown ... permissions issue? RRS feed

  • Question

  • Hi, i'm trying to push out a shutdown script that will run WSUS, and defrag. I've already succesfully pushed it out via group policy and I can see it say "running shutdown script" when i'm rebooting.

    However,  the script runs much much too fast for me to beilive it's defragged anything. I beilive it's a permissions issue where the local computer doesn't have rights to defrag or install updates.

    This is likely simular to how I had to give all of our computers read access to software on the network in order to push out msi software. I could probrbaly make this a logoff script instead and it would run as the user rather then the computer, but then if I just want to log off and back on as admin I have to wait for a defrag.

    I have already tried adding all our computers to "Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignments\Perform Volume Maintenance Tasks" in group policy.

    While i'm at it, is there anyway to make a shutdown script only run when the computer is shutdown vrs reboot? I can imaging getting frustrated waiting for defrags just because I reboot after a software install.
    Saturday, July 19, 2008 12:07 AM

Answers

  • Howdie!

    Waldo120 said:

    ah ha, I figured it out. I was under the impression that it would automatically make the script available like it does when you setup a login script for an individual user. However, I guess it doesn't and therefore I have to set it up using a UNC path instead. Looks like it's working now. I will check the individual components later.

    But continuing the other conversations.

    I figured setting the group policy to auto install WSUS would do the trick, but it still asks the user if they want to install it. So, I'd like to force it at shutdown.


    Glad you got it working. Let us know if there's anything left there.

    Regarding WSUS, did you configure the "Configure Automatic Updates" policy? You can specify a download and installation time and choose option 4 - to download and install updates automatically. That makes sense as you surely approve update before installation. There's another policy you can check, "Allow non-administrators to receive update notifications". Setting it do "disable" suppresses the Windows Update balloon for non-administrators.

    cheers,

    Florian
    Microsoft MVP - Group Policy -- blog: http://www.frickelsoft.net/blog
    • Proposed as answer by David Shen Wednesday, July 23, 2008 7:31 AM
    • Marked as answer by David Shen Monday, July 28, 2008 8:04 AM
    Wednesday, July 23, 2008 5:35 AM

All replies

  • Howdie!

    Waldo120 said:

    Hi, i'm trying to push out a shutdown script that will run WSUS, and defrag. I've already succesfully pushed it out via group policy and I can see it say "running shutdown script" when i'm rebooting.

    However,  the script runs much much too fast for me to beilive it's defragged anything. I beilive it's a permissions issue where the local computer doesn't have rights to defrag or install updates.

    This is likely simular to how I had to give all of our computers read access to software on the network in order to push out msi software. I could probrbaly make this a logoff script instead and it would run as the user rather then the computer, but then if I just want to log off and back on as admin I have to wait for a defrag.

    I have already tried adding all our computers to "Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignments\Perform Volume Maintenance Tasks" in group policy.

    While i'm at it, is there anyway to make a shutdown script only run when the computer is shutdown vrs reboot? I can imaging getting frustrated waiting for defrags just because I reboot after a software install.

    There are a few questions I have, just to get myself clear. What do you mean by "run WSUS"? Why would you want to run a defrag session every time a user shuts the computer down? How long does that script run before it "stops"? Scripts have a certain timeout (by default 600seconds, iirc) - could it be it runs into the timeout before it's finished?

    I don't think you can differenciate between a reboot and a shutdown. At least not without further scripting or calling an external app that's checking that. Simple batch won't do that for ypu. To be honest, I actually don't see the reason behind your script as Windows Updates can be done during work in the background and a defragmentation of those harddisk is sufficient when done once a year - on heavily used machines with a lot of file deletion and moves maybe twice.

    cheers,

    Florian

    Microsoft MVP - Group Policy -- blog: http://www.frickelsoft.net/blog
    Sunday, July 20, 2008 11:22 AM
  • WSUS is a windows update server. This way all my computers don't have to download each and every update wasting bandwidth. It's downloaded once locally and then sent out via my WSUS server.

    I know daily is excessive, which is why at first I just made a script people would run every once and a while, but people are not doing it at all instead. So I need to make this automatic. Is there a way to only do it once a week or something? Maybe when it happens succesfully write a file on the network and check that file every time it tries to defrag before doing so. Then again, if it's done often it wont take long at all when doing it in the future.

    I find that running the updates in the background cases problems both in performance of the computer and in not installing correctly. Haven't you noticed that windows now comes with the option to "install updates then shutdown"? That's partly because doing the updates when shutting down can prevent problems.

    It is nearly immediately that the script appears to start and then stops. I barely have time to read what it's saying which is just "running shutdown script".

    I really think this is a permissions issue, so how would I give a computer rather then a user permission to defrag its own drive?
    Monday, July 21, 2008 5:23 PM
  •  Howdie!

    Waldo120 said:

    Hi, i'm trying to push out a shutdown script that will run WSUS, and defrag. I've already succesfully pushed it out via group policy and I can see it say "running shutdown script" when i'm rebooting.

    However,  the script runs much much too fast for me to beilive it's defragged anything. I beilive it's a permissions issue where the local computer doesn't have rights to defrag or install updates.

    This is likely simular to how I had to give all of our computers read access to software on the network in order to push out msi software. I could probrbaly make this a logoff script instead and it would run as the user rather then the computer, but then if I just want to log off and back on as admin I have to wait for a defrag.

    I have already tried adding all our computers to "Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignments\Perform Volume Maintenance Tasks" in group policy.

    While i'm at it, is there anyway to make a shutdown script only run when the computer is shutdown vrs reboot? I can imaging getting frustrated waiting for defrags just because I reboot after a software install.


    I know what WSUS is - but there's no need to have some scripting action. You can do that via Group Policy and configure it to check for new updates on a periodic basis. Don't script that...

    Well, if you're running your script as a shutdown script, it runs as the local system and therefore has sufficient rights to run the script. To see what's going on, append the > operator to the script to see what's going on.. like

    defrag.exe -parameters go here > output.exe ... like this you see all the stuff that's going on - or not. Just check it.

    Again, I doubt there's a scripting way of determining whether the user hit *shutdown* or *reboot* - at least not with easy matters. You'd best ask that question in a scripting group. You might get more qualified answers on this over there.

    cheers,

    Florian
    Microsoft MVP - Group Policy -- blog: http://www.frickelsoft.net/blog
    Monday, July 21, 2008 6:16 PM
  • ah ha, I figured it out. I was under the impression that it would automatically make the script available like it does when you setup a login script for an individual user. However, I guess it doesn't and therefore I have to set it up using a UNC path instead. Looks like it's working now. I will check the individual components later.

    But continuing the other conversations.

    I figured setting the group policy to auto install WSUS would do the trick, but it still asks the user if they want to install it. So, I'd like to force it at shutdown.
    Tuesday, July 22, 2008 5:07 PM
  • Howdie!

    Waldo120 said:

    ah ha, I figured it out. I was under the impression that it would automatically make the script available like it does when you setup a login script for an individual user. However, I guess it doesn't and therefore I have to set it up using a UNC path instead. Looks like it's working now. I will check the individual components later.

    But continuing the other conversations.

    I figured setting the group policy to auto install WSUS would do the trick, but it still asks the user if they want to install it. So, I'd like to force it at shutdown.


    Glad you got it working. Let us know if there's anything left there.

    Regarding WSUS, did you configure the "Configure Automatic Updates" policy? You can specify a download and installation time and choose option 4 - to download and install updates automatically. That makes sense as you surely approve update before installation. There's another policy you can check, "Allow non-administrators to receive update notifications". Setting it do "disable" suppresses the Windows Update balloon for non-administrators.

    cheers,

    Florian
    Microsoft MVP - Group Policy -- blog: http://www.frickelsoft.net/blog
    • Proposed as answer by David Shen Wednesday, July 23, 2008 7:31 AM
    • Marked as answer by David Shen Monday, July 28, 2008 8:04 AM
    Wednesday, July 23, 2008 5:35 AM
  • Firstly, thanks for your help.
     
    Yes, I do have it set to 4, but for 3am, when most users computers are off. This is why I like having a way to manually install the updates so I don't have to leave computers running all night and it doesn't install when it would slow them down. I could set it to noon or something, but then it will slow down people that aren't nessesarily on lunch at that time. We have some rather dated hardware.

    Allow non-administrators to revieve update notifications is enabled. But expecting users to actually click it is another ;P.

    Making the computer defrag at shutdown didn't go over well, so i've gone back to putting a script on everyone's desktop called "Computer Maintinance then shutdown.bat" they run manually every once and a while. However, i'm still using these scripts for other things.
    Wednesday, July 23, 2008 11:03 PM