none
Restart computers via GPO RRS feed

  • Question

  • Hello all,

    I would like to do restart all our lab computers (joined into domain) daily at 23:59. Is there anyway I can schedule the script via GPO ? My domain controller in on windows 2003 ent server.


    Throw your ideas or point me in right direction how to achieve this.

    Madal

    Monday, December 29, 2008 11:25 PM

Answers

  •  

    Hi,

     

    As we know, there is a command line tool (schtasks.exe) that can create scheduled tasks. To achieve the goal, you may consider creating a batch file which creates a shutdown computer schedule task and then deploying the batch file to all clients by using startup script. we may create a bat files schedule to reboot the client computers. To do so, please perform the following steps:

     

    Step 1: Create a batch file to generate a schedule task

    ============================================

    1.       On your domain control server, open the notepad, enter the command below:

    schtasks /create /ru <administrator> /rp <password> /sc dialy /st 23:59:00 /tn shutdown /tr "shutdown /t 0 /r"

     

    NOTE: Please replace the <administrator> and <password> in the above command line by the actual user name and password that you would like to let the schedule task to run. For more information about the Schtasks.exe tool, please refer to the following Microsoft Knowledge Base article:

     

    814596  How to use Schtasks.exe to Schedule Tasks in Windows Server 2003

    http://support.microsoft.com/default.aspx?scid=kb;EN-US;814596

     

    2.       Save this file as reboot.bat.

     

    Step 2: Assign a startup script to run the batch file

    =========================================

    After you have created the bat file, we should push down this schedule file through the Group Policy. We should add reboot.bat to startup scripts. And it will run reboot.bat to add a schedule task to the client computer. To do so, you can refer to the following Microsoft Knowledge Base article:

     

    How to assign scripts in Windows 2000

    http://support.microsoft.com/kb/322241/en-us

    (This should also apply on Windows Server 2003)

     

    If the shutdown schedule task is not created on clients, you may check the following:

    1.       The "startup script" should be placed in the path "%systemroot%\SYSVOL\sysvol\<domain >\Policies\<GPO GUID>\Machine\scripts\Startup" on the Domain Controller.

    2.       Restart the client to ensure that the startup script is run.


    Nick Gu - MSFT
    Tuesday, December 30, 2008 9:57 AM
    Moderator
  •  

    Hello Madal,

     

    Thank you for your reply.

     

    “Is there a way to encrypt the password ?”

     Based on my research, you can create a “Schtasks Helper script” and “Encode” it to improve security as described in the following example:

     

    1. On this share create a VBS file called Schtasks.vbs with the following code:

     

    Schtasks.vbs

     

    set shell=wscript.createobject("Wscript.shell")

    shell.run "schtasks /create /ru <administrator> /rp <password> /sc dialy /st 23:59:00 /tn shutdown /tr \\servershare\shutdown.bat

     

    shutdown.bat

     

    shutdown /t 0 /r

     

    2. Download the Windows Script Encoder from:

     

    http://www.microsoft.com/downloads/details.aspx?FamilyID=e7877f67-c447-4873-b1b0-21f0626a6329&displaylang=en&Hash=2eeLrR1Fo%2bgy0pOMTILIDCo2B6FWF5ncnlQW61ur2UdX0K7ZsIKKjttmjR%2bpFX5MMlQ4EW7GWRIwNA%2f4WFS0rw%3d%3d

     

    3. Encrypt the original .vbs file:

     

    screnc original_vbs_file.vbs vbs_encrypted_file.vbe

     

    The script encoder is a command-line tool that allows a scriptwriter to protect the contents of a script from unauthorized copies or modifications while (at the same time) allowing the script to run.

     

    Disclaimer

    This sample script is not supported under any Microsoft standard support program or service. The sample script is provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample scripts and documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable for

    any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample scripts or documentation, even if Microsoft has been advised of the possibility of such damages

     

    Actually, I also agree with Darren. You may use Group Policy Preferences to achieve the goal. It is a feature new in Microsoft Windows Server 2008. Group Policy preferences include mapped drives, scheduled tasks, and Start menu settings. For many types of operating system and application settings, using Group Policy preferences is a better alternative to configuring them in Windows images or using logon scripts. In fact, the new policy features in GPP support XP, Server 2003, Vista and Server 2008 “clients”. In order for clients to process GPP policy settings, they must install the GPP Client Side Extension (CSE) package, which is available from following site.

     

    Group Policy Preference Client Side Extensions for Windows XP

    http://www.microsoft.com/downloads/details.aspx?familyid=E60B5C8F-D7DC-4B27-A261-247CE3F6C4F8&displaylang=en

     

     

    For more details, you can download Group Policy Preferences Overview

    http://www.microsoft.com/downloads/details.aspx?FamilyID=42e30e3f-6f01-4610-9d6e-f6e0fb7a0790&DisplayLang=en

     

    regards,
    Nick Gu - MSFT
    Friday, January 9, 2009 1:31 AM
    Moderator

All replies

  •  

    Hi,

     

    As we know, there is a command line tool (schtasks.exe) that can create scheduled tasks. To achieve the goal, you may consider creating a batch file which creates a shutdown computer schedule task and then deploying the batch file to all clients by using startup script. we may create a bat files schedule to reboot the client computers. To do so, please perform the following steps:

     

    Step 1: Create a batch file to generate a schedule task

    ============================================

    1.       On your domain control server, open the notepad, enter the command below:

    schtasks /create /ru <administrator> /rp <password> /sc dialy /st 23:59:00 /tn shutdown /tr "shutdown /t 0 /r"

     

    NOTE: Please replace the <administrator> and <password> in the above command line by the actual user name and password that you would like to let the schedule task to run. For more information about the Schtasks.exe tool, please refer to the following Microsoft Knowledge Base article:

     

    814596  How to use Schtasks.exe to Schedule Tasks in Windows Server 2003

    http://support.microsoft.com/default.aspx?scid=kb;EN-US;814596

     

    2.       Save this file as reboot.bat.

     

    Step 2: Assign a startup script to run the batch file

    =========================================

    After you have created the bat file, we should push down this schedule file through the Group Policy. We should add reboot.bat to startup scripts. And it will run reboot.bat to add a schedule task to the client computer. To do so, you can refer to the following Microsoft Knowledge Base article:

     

    How to assign scripts in Windows 2000

    http://support.microsoft.com/kb/322241/en-us

    (This should also apply on Windows Server 2003)

     

    If the shutdown schedule task is not created on clients, you may check the following:

    1.       The "startup script" should be placed in the path "%systemroot%\SYSVOL\sysvol\<domain >\Policies\<GPO GUID>\Machine\scripts\Startup" on the Domain Controller.

    2.       Restart the client to ensure that the startup script is run.


    Nick Gu - MSFT
    Tuesday, December 30, 2008 9:57 AM
    Moderator
  • Alternatively, if you are using Group Policy Preferences you can also setup a Scheduled Task directly though a GPO and bypass the login script route.

    Jim Mangan
    System Administrator
    Wednesday, December 31, 2008 7:08 PM
  • Hello Nick

    Thanks for your help. This looks working. I created OU - add one computer to that ou and created GPO and apply to that OU. Is there a way to encrypt the password ? Because user has to be a member of admin to restart the machine or how can i do more securely. Also, I wanted to add one more thing on it. when comptuer restarts with schedule on the same I want to delete local profies. I have small script which deletes all local profiles except some. Can I call that VB scripts at the same time ?

    Jim: -- how can I do achieve with Group Policy Preferences in windows 2003 ?

    Thanks for your support.

    Happy New year

    Madal
    Friday, January 2, 2009 2:08 PM
  • Madal-
    GP Preferences is an optional download that you can install on your Windows 2003 boxes and manage from the GPMC version that ships with Vista, SP1 and Server 2008. I would suggest going to the TechNet website and searching on Group Policy Preferences. Also, I wrote an overview whitepaper on it here: http://www.gpoguy.com/Portals/0/Group%20Policy%20Preferences%20Overview.pdf

    Darren
    Darren Mar-Elia MS-MVP, Group Policy
    www.gpoguy.com
    www.sdmsoftware.com - "The Group Policy Experts"
    Tuesday, January 6, 2009 1:19 AM
  •  

    Hello Madal,

     

    Thank you for your reply.

     

    “Is there a way to encrypt the password ?”

     Based on my research, you can create a “Schtasks Helper script” and “Encode” it to improve security as described in the following example:

     

    1. On this share create a VBS file called Schtasks.vbs with the following code:

     

    Schtasks.vbs

     

    set shell=wscript.createobject("Wscript.shell")

    shell.run "schtasks /create /ru <administrator> /rp <password> /sc dialy /st 23:59:00 /tn shutdown /tr \\servershare\shutdown.bat

     

    shutdown.bat

     

    shutdown /t 0 /r

     

    2. Download the Windows Script Encoder from:

     

    http://www.microsoft.com/downloads/details.aspx?FamilyID=e7877f67-c447-4873-b1b0-21f0626a6329&displaylang=en&Hash=2eeLrR1Fo%2bgy0pOMTILIDCo2B6FWF5ncnlQW61ur2UdX0K7ZsIKKjttmjR%2bpFX5MMlQ4EW7GWRIwNA%2f4WFS0rw%3d%3d

     

    3. Encrypt the original .vbs file:

     

    screnc original_vbs_file.vbs vbs_encrypted_file.vbe

     

    The script encoder is a command-line tool that allows a scriptwriter to protect the contents of a script from unauthorized copies or modifications while (at the same time) allowing the script to run.

     

    Disclaimer

    This sample script is not supported under any Microsoft standard support program or service. The sample script is provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample scripts and documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable for

    any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample scripts or documentation, even if Microsoft has been advised of the possibility of such damages

     

    Actually, I also agree with Darren. You may use Group Policy Preferences to achieve the goal. It is a feature new in Microsoft Windows Server 2008. Group Policy preferences include mapped drives, scheduled tasks, and Start menu settings. For many types of operating system and application settings, using Group Policy preferences is a better alternative to configuring them in Windows images or using logon scripts. In fact, the new policy features in GPP support XP, Server 2003, Vista and Server 2008 “clients”. In order for clients to process GPP policy settings, they must install the GPP Client Side Extension (CSE) package, which is available from following site.

     

    Group Policy Preference Client Side Extensions for Windows XP

    http://www.microsoft.com/downloads/details.aspx?familyid=E60B5C8F-D7DC-4B27-A261-247CE3F6C4F8&displaylang=en

     

     

    For more details, you can download Group Policy Preferences Overview

    http://www.microsoft.com/downloads/details.aspx?FamilyID=42e30e3f-6f01-4610-9d6e-f6e0fb7a0790&DisplayLang=en

     

    regards,
    Nick Gu - MSFT
    Friday, January 9, 2009 1:31 AM
    Moderator
  • Let me see if I understand this correctly. To create a scheduled task to reboot a PC, I need to manually reboot the PC (to apply the startup script which creates a scheduled task to reboot the system)? Doesn't this seem to defeat the purpose?
    Wednesday, April 30, 2014 4:55 PM
  • all this just to reboot some PC's MS at it's best again, this seems like a simple process that has turned into a complicated mess that my guess will never work especially across different OS's.  Will work for 7 but not 8 and 10 will with for 10 but not 8 and 7 etc etc.  If all the stars don't line up with these GPO's they are worthless.  
    Tuesday, September 15, 2015 5:33 PM