Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users
Course Of The Month
Become a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Turn on and off a specific group policy in Active Directory via batch, script, or some other scheduled option?
Posted on 2016-09-16
I have hosted servers at a colocation facility, Windows 2012 R2 active directory domain. I have a policy that helps prevent things from installing as part of our malware defense, and it works fine.
But when I need to run windows updates, they fail. I would like to be able to set a specific time and date for the servers to run windows update, but in order for this to happen, I'd also have to be able to somehow, programmatically, disable this one particular group policy object.
I can set the servers to stagger their automatic updates and reboots over a Saturday early morning and a Sunday early morning to keep them from interfering with normal business operations, but unless I'm awake to manually turn off the group policy at that time (or turn it off much earlier the previous day and let it be disabled until I turn it back on) the updates would fail.
Is there some way I can script powershell, or a batch file, or something so that I can, for example, turn off the specified group policy object at X:XX time, and another to re-enable it at y:yy time?
Thanks for any suggestions
But when I need to run windows updates, they fail. I would like to be able to set a specific time and date for the servers to run windows update, but in order for this to happen, I'd also have to be able to somehow, programmatically, disable this one particular group policy object.
I can set the servers to stagger their automatic updates and reboots over a Saturday early morning and a Sunday early morning to keep them from interfering with normal business operations, but unless I'm awake to manually turn off the group policy at that time (or turn it off much earlier the previous day and let it be disabled until I turn it back on) the updates would fail.
Is there some way I can script powershell, or a batch file, or something so that I can, for example, turn off the specified group policy object at X:XX time, and another to re-enable it at y:yy time?
Thanks for any suggestions
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
3-
2
6 Comments
You can apply the GPObject to a given groups, users and devices using the gpmc.msc at Scope -> Filtering, so a given user (an admin) would be not affected for the policy.
I would try and investigate that options.
..MFlores..
I would try and investigate that options.
..MFlores..
Active today
See the post by Dale, at the bottom... "After going through the whole threads, the error is due to..."
Your case would be like:
https://social.technet.microsoft.com/Forums/scriptcenter/en-US/92100b09-4a5b-4b66-8903-fdd786a58f5e/enablingdisabling-a-gpo?forum=winserverpowershell
In that post, the solution worked using the GUID instead of the Name. So you may need to use GUID if Name doesn't work.
After you confirm it works manually, you can add it to a scheduled task to automate it. Your task action would be like:
Your case would be like:
Import-Module GroupPolicy
Set-GPLink –Name myGPO –Target “ou=MyOU,dc=contoso,dc-com” –LinkEnabled No
https://social.technet.microsoft.com/Forums/scriptcenter/en-US/92100b09-4a5b-4b66-8903-fdd786a58f5e/enablingdisabling-a-gpo?forum=winserverpowershell
In that post, the solution worked using the GUID instead of the Name. So you may need to use GUID if Name doesn't work.
After you confirm it works manually, you can add it to a scheduled task to automate it. Your task action would be like:
powershell.exe -ExecutionPolicy Bypass -File c:\foldername\filename.ps1
Thanks, never got the notification that this question had answers, so I'll be trying this stuff this week!
John
John
Both solution would probably fix the question. The requester should try both to see which is more convenient.
Flores' shouldn't have been marked as an answer, since simply telling me that group policies can be applied to specific things did nothing to answer my actual question.
NVIT, your answer was perfect. Created two batch files to run a powershell.exe command with PS1 files, one to turn on, one to turn off, and it does exactly what I needed. Thanks!
NVIT, your answer was perfect. Created two batch files to run a powershell.exe command with PS1 files, one to turn on, one to turn off, and it does exactly what I needed. Thanks!
Hi networkspecialists,
Please, instead of giving a condescending response, you should have given that points to the people you agree with... on time!. Your last comment was 2016-09-27. Time enough to award the points to the person that gave the correct answer. Like it or not, I gave some answer to your question spending my own time, please keep this in mind.
I agree if it is possible to revert the points awarded to me.
Regards,
Please, instead of giving a condescending response, you should have given that points to the people you agree with... on time!. Your last comment was 2016-09-27. Time enough to award the points to the person that gave the correct answer. Like it or not, I gave some answer to your question spending my own time, please keep this in mind.
I agree if it is possible to revert the points awarded to me.
Regards,
Featured Post
We value your feedback.
Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
The following article is comprised of the pearls we have garnered deploying virtualization solutions since Virtual Server 2005 and subsequent 2008 RTM+ Hyper-V in standalone and clustered environments.
- Virtualization
- Windows 10
- Windows Server 2016
- Windows Server 2012
- Hyper-V
- Windows, Azure, *Clustering
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s
ManageEngine
webinar, where attendees received a comprehensive look at the ma…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller.
Log onto the new domain controller with a user account t…
Suggested Courses
Earn Certification
HTML5 Specialist - Certification
Free withPremium
Course of the Month5 days, 16 hours left to enroll
626 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.