Solved

Turn on and off a specific group policy in Active Directory via batch, script, or some other scheduled option?

Posted on 2016-09-16
6
30 Views
Last Modified: 2016-10-17
I have hosted servers at a colocation facility, Windows 2012 R2 active directory domain.  I have a policy that helps prevent things from installing as part of our malware defense, and it works fine.

But when I need to run windows updates, they fail.  I would like to be able to set a specific time and date for the servers to run windows update, but in order for this to happen, I'd also have to be able to somehow, programmatically, disable this one particular group policy object.  

I can set the servers to stagger their automatic updates and reboots over a Saturday early morning and a Sunday early morning to keep them from interfering with normal business operations, but unless I'm awake to manually turn off the group policy at that time (or turn it off much earlier the previous day and let it be disabled until I turn it back on) the updates would fail.

Is there some way I can script powershell, or a batch file, or something so that I can, for example, turn off the specified group policy object at X:XX time, and another to re-enable it at y:yy time?

Thanks for any suggestions
0
Comment
Question by:networkspecialists
  • 3
  • 2
6 Comments
 
LVL 5

Accepted Solution

by:
Manuel Flores earned 250 total points (awarded by participants)
ID: 41802951
You can apply the GPObject to a given groups, users and devices using the gpmc.msc at Scope -> Filtering, so a given user (an admin) would be not affected for the policy.

I would try and investigate that options.

..MFlores..
0
 
LVL 23

Assisted Solution

by:NVIT
NVIT earned 250 total points (awarded by participants)
ID: 41803151
See the post by Dale, at the bottom... "After going through the whole threads, the error is due to..."

Your case would be like:

Import-Module GroupPolicy
Set-GPLink –Name myGPO –Target “ou=MyOU,dc=contoso,dc-com” –LinkEnabled No

Open in new window


https://social.technet.microsoft.com/Forums/scriptcenter/en-US/92100b09-4a5b-4b66-8903-fdd786a58f5e/enablingdisabling-a-gpo?forum=winserverpowershell

In that post, the solution worked using the GUID instead of the Name. So you may need to use GUID if Name doesn't work.

After you confirm it works manually, you can add it to a scheduled task to automate it. Your task action would be like:
powershell.exe -ExecutionPolicy Bypass -File c:\foldername\filename.ps1

Open in new window

0
 

Author Comment

by:networkspecialists
ID: 41818314
Thanks, never got the notification that this question had answers, so I'll be trying this stuff this week!

John
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 
LVL 5

Expert Comment

by:Manuel Flores
ID: 41846302
Both solution would probably fix the question.  The requester should try both to see which is more convenient.
0
 

Author Comment

by:networkspecialists
ID: 41846799
Flores' shouldn't have been marked as an answer, since simply telling me that group policies can be applied to specific things did nothing to answer my actual question.  

NVIT, your answer was perfect.  Created two batch files to run a powershell.exe command with PS1 files, one to turn on, one to turn off, and it does exactly what I needed.  Thanks!
0
 
LVL 5

Expert Comment

by:Manuel Flores
ID: 41846835
Hi networkspecialists,

Please, instead of giving a condescending response, you should have given that points to the people you agree with... on time!.  Your last comment was 2016-09-27.  Time enough to award the points to the person that gave the correct answer.  Like it or not, I gave some answer to your question spending my own time, please keep this in mind.

I agree if it is possible to revert the points awarded to me.

Regards,
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The article will show you how you can maintain a simple logfile of all Startup and Shutdown events on Windows servers and desktops with PowerShell. The script can be easily adapted into doing more like gracefully silencing/updating your monitoring s…
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
In this Micro Tutorial viewers will learn how to use Windows Server Backup to create full image of their system. Tutorial shows how to install Windows Server Backup Feature on Windows 2012R2 and how to configure scheduled Bare Metal Recovery backup.…
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

28 Experts available now in Live!

Get 1:1 Help Now