- Windows Server
- 24 September 2021 at 08:44 UTC
-
Although group policies allow you to do a lot of things and configure a lot of things transparently, you can also create batch files, vbs or PowerShell scripts, ... and run them at computer startup, at the opening of the session, ...
- Load scripts from GPOs
- Add scripts to a Group Policy Object (GPO)
- Add PowerShell scripts to a Group Policy Object (GPO)
1. Load scripts from GPOs
To get started, create a GPO and edit it.
For the computer configuration, you can run scripts when the computer starts up and when it stops by going to : Computer Configuration -> Policies -> Windows Settings -> Scripts (Startup/Shutdown).
For user configuration, you can run scripts at logon and logoff by going to : User Configuration -> Policies -> Windows Settings -> Scripts (Logon/Logoff).
2. Add scripts to a Group Policy Object (GPO)
Whatever the trigger for executing a script, the properties window and the principle for adding and managing your scripts are identical.
In the properties window that appears, you will still find the "Show Files" button at the bottom of the window.
By clicking on this button, you will arrive in a sub-folder of the style "User\Scripts\Logon" which is itself in a folder with a unique identifier which corresponds to that of the GPO object being modified.
If you have more than one domain controller, you must store your scripts here so that they are replicated to your other domain controllers.
Indeed, since we are in a sub-folder of "SYSVOL", all the files stored here will be replicated automatically and transparently to your other domain controllers.
Note : if you want to display the file extensions in the file explorer, go to "View", then click on : Options -> Change folder and search options.
Then, in the "View" tab, uncheck the "Hide extensions for known file types" box.
For this tutorial, we created 3 types of scripts :
- test.ps1 : a PowerShell script
- test.bat : a batch file
- test.vbs : a VBScript
In the "Scripts" tab, you can add several types of scripts :
- ".bat", ".com" and ".exe"
- ".wsf", ".vbs" and ".js" thanks to Windows Script Host (wscript)
Note that PowerShell scripts (.ps1) will need to be added via the "PowerShell Scripts" tab.
To add a script, click : Add.
Click on : Browse.
Select the desired script.
In our case, the "test.bat" script.
If you want, you can pass a parameter to this script.
When you add several scripts for the same event (in this case : the opening of the session), you have the possibility to change the execution order of your scripts by using the "Up" and "Down" buttons.
The order has been changed.
3. Add PowerShell scripts to a Group Policy Object (GPO)
For PowerShell scripts, the principle for adding them and the folder where to store them is the same.
However, it's obviously necessary that PowerShell is installed on the client PC for them to work correctly.
To add a PowerShell script, click "Add".
Click on : Browse.
Select your PowerShell script (whose extension is : .ps1).
As with other types of scripts, you can pass one or more parameters to it if you wish.
The added PowerShell script appears in the list.
If you added scripts via the "Scripts" tab, as well as PowerShell scripts via the "PowerShell Scripts" tab, you can choose :
- Run Windows PowerShell scripts first
- Run Windows PowerShell scripts last
Share this tutorial
To see also
-
Windows Server 4/16/2021
Windows Server - AD DS - How Active Directory replication works
-
Windows Server 4/30/2021
Windows Server - AD DS - Overview of Active Directory functional levels
-
Windows Server 4/3/2021
Windows Server - AD DS - The basics of Active Directory
-
Windows Server 5/21/2021
WS 2016 - AD DS - Add a domain controller to an existing AD domain
You must be logged in to post a comment