Distribute a batch file by Group Policy management

Bloomblubloom 26 Reputation points
2020-03-19T04:19:55.127+00:00

Hi Guys,
I want to distribute a batch file. Should I type the admin name and password in the batch file? Which account will the domain controller use if the bat file has no admin name and password?

Microsoft Entra ID

Accepted answer
  1. Shashi Shailaj 7,581 Reputation points Microsoft Employee
    2020-03-26T12:58:34.477+00:00

    Hello @Bloomblubloom ,

    You can use the following information to set this up in your Active Directory environment. You can avoid providing the password in the batch file, as it is not best security practice. I am assuming that you have a requirement to set up a mass shutdown policy for all machines in your domain. The command that you have can do the trick without a problem. The below is the output if I run it locally.

    C:\windows\system32>schtasks /create /tn shutdownPC /sc daily /st 23:25 /tr "%systemroot%\system32\shutdown -s -t 10"  
    SUCCESS: The scheduled task "shutdownPC" has successfully been created.  
    

    If you do not provide the user account details, then the locally logged on user account will be used, within whose session the script gets invoked. It also depends upon whether you have set it up as a logon script or a startup script. In your case it would be better to define this script as a startup script, which is defined in the Computer Configuration section within the Group Policy console. In this case the script will add a scheduled task under local machine context on the domain controller. Please follow the following steps for the same.

    • In order to set this up via Group Policy you need to be a domain administrator within the domain you are managing this in.
    • In order to distribute this file to all the domain controllers you can just add this to the NETLOGON folder on any one domain controller (preferably on the PDC from where you might be creating a Group Policy), which can be locally accessed on the domain controller using %systemroot%\SYSVOL\domain\scripts.
    • Once the batch file is in place you can open the Group Policy Management Console (gpmc.msc) and select the OU where you would like to apply the script. Let's say you just want to set up a shutdown script on all domain controllers; you should link the script on the Domain Controllers OU. If you would like this to apply to machines in any specific OU, you should link the new policy on that OU. You can right click the OU and click the option "Create a GPO in this domain, and link it here".
    • (screenshot: 6101-gpo.jpg)
    • Once you have identified the OU hierarchy where all your machines are on which you want to apply the shutdown script, you can create a new Group Policy. The new policy that you have created can be right clicked and edited further to set up the desired settings.
    • (screenshot: 6102-editgpo.jpg)
    • Within the Group Policy console you can go to Computer Configuration > Policies > Windows Settings > Scripts > Startup > click Add to select the bat file you want to set up for running whenever the computer starts next time.
    • Once you click Browse you can select the policy you had placed within the scripts folder locally on the domain controller.

    Whenever the GPO refresh happens on the client machines/domain controllers, or any of the machines where this Group Policy is set up to be applied, a copy of the batch script will be copied over from the NETLOGON folder to the local folder %systemroot%\System32\GroupPolicy\Machine\Scripts\Startup. If, after application of the policy and the GPO convergence time (the time within which complete replication takes place within your environment; it depends on network topology and many factors), you get the batch file here, then all is good and in all probability you would not have any issues. But in this kind of setup the biggest issue is that AD/Sysvol replication is broken in most environments, due to which the contents of the Sysvol (meaning NETLOGON scripts) are not replicated to all DCs. If you see the same, please follow the AD replication troubleshooter article.

    Hope this helps. In case the information in this post helps you, please do accept this as the answer. In case you have any further queries, feel free to let us know and we will be happy to help you further.

    Thank you.
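The two points of the accepted answer (a Computer Configuration startup script runs without any account name or password in the file, and after GPO refresh the script should show up in the local Startup folder) put together as an added example. This is not the question's batch file and not code from the answer; it is a PowerShell script written for this page. It assumes the task name "shutdownPC" and time 23:25 from the answer, a hypothetical script file name "shutdown.bat", and Windows 8 / Server 2012 or later for the ScheduledTasks module (Get-ScheduledTask); the function names are made up here.

```powershell
# Added example (not from the question or the accepted answer).
# Deployed as a GPO startup script (Computer Configuration), this runs as LocalSystem at
# boot, so no admin name or password has to be written into the file.

function Install-ShutdownTask {
    param(
        [string]$TaskName  = 'shutdownPC',   # name used in the answer
        [string]$StartTime = '23:25'         # time used in the answer
    )
    # A startup script runs on every boot, so be idempotent: do not re-create the task.
    if (Get-ScheduledTask -TaskName $TaskName -ErrorAction SilentlyContinue) {
        return 'exists'
    }
    $action = "$env:SystemRoot\System32\shutdown.exe -s -t 10"
    # /ru SYSTEM binds the task to the machine account explicitly; no /rp password is needed.
    & schtasks.exe /create /tn $TaskName /sc daily /st $StartTime /ru 'SYSTEM' /tr $action /f | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "schtasks failed with exit code $LASTEXITCODE" }
    return 'created'
}

function Test-StartupScriptDeployment {
    param(
        [string]$ScriptName = 'shutdown.bat',   # hypothetical file name
        [string]$TaskName   = 'shutdownPC'
    )
    $result = [ordered]@{}

    # 1. After GPO refresh, the script is copied from NETLOGON to this local folder
    #    (the path named in the answer). Missing file = policy not applied or SYSVOL not replicated.
    $localCopy = Join-Path $env:SystemRoot "System32\GroupPolicy\Machine\Scripts\Startup\$ScriptName"
    $result.ScriptCopied = Test-Path $localCopy

    # 2. The script should carry no credentials. schtasks takes them via /rp and
    #    "net use ... /user:" is another common place they end up; flag either pattern.
    if ($result.ScriptCopied) {
        $hits = Select-String -Path $localCopy -Pattern '(?i)/rp\s|/user:'
        $result.CredentialsInScript = [bool]$hits
    }

    # 3. The task exists and runs under the machine account, not an interactive admin.
    $task = Get-ScheduledTask -TaskName $TaskName -ErrorAction SilentlyContinue
    $result.TaskExists = [bool]$task
    if ($task) {
        $result.RunsAsSystem = ($task.Principal.UserId -match 'SYSTEM$')
    }
    return [pscustomobject]$result
}

# Usage: save Install-ShutdownTask as the startup script body; run
# Test-StartupScriptDeployment on a client after "gpupdate /force" and a reboot.
```

Install-ShutdownTask is the part that goes into the startup script; Test-StartupScriptDeployment is what you run on a target machine after the convergence time the answer mentions, to confirm the copy arrived, that it contains no password, and that the task runs as SYSTEM rather than under whoever happened to be logged on.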

