This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 99%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJB%3C/text%3E%3C/svg%3E)
I'm looking for a way to push out commands to all workstations. The scenario is as follows:
I often go to environments that I am not familiar with to audit the network. Part of that is a network scan, but to use our specific tools we need to configure a couple of things on every workstation (enable wmi access, enable file and printer sharing, etc.). We have a batch file we can run on every computer, but this solution does not scale well as you can imagine. I've included the commands we run below.
Ideally, there would be a way to push out the batch file to run one time on all computers connected to the domain. Alternatively, we could create a new batch file that creates GPO that does the same things, but this is something that I have not done before.
Any help is really appreciated!
rem Allow the device to be pingable through Windows Firewall
netsh firewall set icmpsetting type=ALL mode=enable
netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request" protocol=icmpv4:8,any dir=in action=allow
netsh advfirewall firewall add rule name="ICMP Allow incoming V6 echo request" protocol=icmpv6:8,any dir=in action=allow
rem Turn on File and Printer Sharing
netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes
rem Allow WMI access through Windows Firewall
netsh firewall set service type=remoteadmin mode=enable
netsh advfirewall firewall set rule group="windows management instrumentation (wmi)" new enable=yes
rem Add user account
net user [REDACTED] /add
net localgroup Administrators [REDACTED] /add
Rem Set WMI Permissions
sc sdset SCMANAGER D:(A;;CCLCRPRC;;;AU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)
ECHO End of script
PAUSE
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 96%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFF%3C/text%3E%3C/svg%3E)
Hi,
Welcome to share here!
For the commands or the scripts i'm afraid i can't give more advice since not familiar with it.
For how to deploy a scripts, you can consider the following ways due to your requirement.
Logon scripts :scripts run when users logon
Startup scripts:scripts run when computers restart
For your reference: Using Startup, Shutdown, Logon, and Logoff Scripts in Group Policy
Schedule task:scripts run at the scheduled time
How to Configure a Scheduled Task Item using Group Policy
This response contains a third-party link. We provide this link for easy reference. Microsoft cannot guarantee the validity of any information and content in this link.
Best Regards,
Hi,
Thank you for your reply. Unfortunately, due to the nature of what we are after, the script needs to run on command one time. We can't always re-log or reboot the computers, so we really just want to push it out one time.
Hi,
Schedule task: scripts run at the scheduled time
https://www.faqforge.com/windows-server-2016/configure-scheduled-task-item-using-group-policy/
This is the one for your requirement.
There are settings for you to configure it to run the command only once and not reapply .
Check the following settings when configure the schedule task.
Hi,
Thank you again for taking the time to answer. I'm looking for something a less involved with GUI's. The gold standard is a script that would create a GPO to accomplish the above tasks.
Hi,
Sorry for can't provided more professional advice for using the scripts to accomplish this task.
Best Regards,