I have hosted servers at a colocation facility, Windows 2012 R2 active directory domain. I have a policy that helps prevent things from installing as part of our malware defense, and it works fine.
But when I need to run windows updates, they fail. I would like to be able to set a specific time and date for the servers to run windows update, but in order for this to happen, I'd also have to be able to somehow, programmatically, disable this one particular group policy object.
I can set the servers to stagger their automatic updates and reboots over a Saturday early morning and a Sunday early morning to keep them from interfering with normal business operations, but unless I'm awake to manually turn off the group policy at that time (or turn it off much earlier the previous day and let it be disabled until I turn it back on) the updates would fail.
Is there some way I can script powershell, or a batch file, or something so that I can, for example, turn off the specified group policy object at X:XX time, and another to re-enable it at y:yy time?
Thanks for any suggestions