Share via

task schedule is not working thru GPO

zahid haseeb 41 Reputation points
2021-08-26T12:47:52.593+00:00

I have a powershell script which run fine. I want to deploy the script to machines thru GPO. Below is my configuration. But the endpoint machines are unable to get the schedule tasks
126690-2021-08-26-173215.png

126789-2021-08-26-173228.png

126706-2021-08-26-173243.png126720-2021-08-26-173302.png

Script Details:

$date = Get-Date -Format ddMMMMyyyy
Get-Date >> \tps-bkp\Vyatta\AccessRightsReviews\$date
hostname >> \tps-bkp\Vyatta\AccessRightsReviews\$date
echo " " >> \tps-bkp\Vyatta\AccessRightsReviews\$date
net localgroup administrators >> \tps-bkp\Vyatta\AccessRightsReviews\$date
echo "#######################################" >> \tps-bkp\Vyatta\AccessRightsReviews\$date

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,285 questions
0 comments

8 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Limitless Technology 39,426 Reputation points
    2021-08-26T16:10:27.107+00:00

    Hello @zahid haseeb

    On a Windows computer, you can set an execution policy for the local computer, for the current user, or for a particular session. You can also use a Group Policy setting to set execution policies for computers and users.

    Execution policies for the local computer and current user are stored in the registry. You don't need to set execution policies in your PowerShell profile. The execution policy for a particular session is stored only in memory and is lost when the session is closed.

    The below link enables cmdlet descriptions and syntax for all Scheduled Tasks cmdlets. It lists the cmdlets in alphabetical order based on the verb at the beginning of the cmdlet.

    https://learn.microsoft.com/en-us/powershell/module/scheduledtasks/?view=windowsserver2019-ps

    Hope this answers all your queries, if not please do repost back.
    If an Answer is helpful, please click "Accept Answer" and upvote it : )

    Regards,

    0 comments
  2. zahid haseeb 41 Reputation points
    2021-08-27T08:05:52.997+00:00

    Thanks for your words. I don't want to jump in details due to scripting knowledge. I have a simple query. My script is able to run via Task Schedule on local computer when I test. However when I want to run the same script from GPO > Schedule Task, it fails. Help me to verify where I am wrong. Further any log which I can check why the Schedule Task getting failed to run script thru GPO

    0 comments
  3. MotoX80 32,246 Reputation points
    2021-08-27T12:49:58.963+00:00

    127089-capture2.jpg

    The default handler for a .ps1 file is notepad.exe. You have to tell the task scheduler to run Powershell.exe with the name of the script as an argument.

    But the endpoint machines are unable to get the schedule tasks

    If the task is not getting defined on the workstation, use the gpresult tool or rsop.msc to verify that the correct policies are being applied.

    https://activedirectorypro.com/gpresult-tool/
    https://learn.microsoft.com/en-us/troubleshoot/windows-server/group-policy/use-resultant-set-of-policy-logging

    any log which I can check why the Schedule Task getting failed to run script thru GPO

    Start by checking the task scheduler on the client workstation. In the Actions pane, you may need to enable "All Tasks History". Then try to run the task and check the events in the History tab for errors.

    127067-capture.jpg

    If the script is being launched, but Powershell is failing for some reason, then one debugging trick is use cmd.exe to capture the stdout and stderr that Powershell produces. This will require you to modify the task in the policy.

    Schedule it to run cmd.exe with an argument like this. (Use whatever log folder you prefer.) 

    /c Powershell.exe -file C:\AccessRightsReviewServers.ps1  1>c:\temp\AccessRightsReviewServers.log 2>&1

    It should look similar to my test task. Run it and check the log for errors.

    127078-capture3.jpg

    0 comments
  4. zahid haseeb 41 Reputation points
    2021-08-31T09:42:42.547+00:00

    I am still not able to see tasks which supposed to sync from Domain/GPO to endpoint machines.

    127857-1.png127830-2.png127850-3.png127858-4.png127901-5.png

    Program / Script = cmd.exe
    Arguments = /c powershell.exe -ExecutionPolicy Bypass -File "\xxxxxx.com\SYSVOL\xxxxxx.com\scripts\AccessReviews.ps1"
    In case I try to troubleshoot, the logs are also not being generated by below syntax in arguments
    Arguments = /c powershell.exe -ExecutionPolicy Bypass -File "\xxxxxx.com\SYSVOL\xxxxxx.com\scripts\AccessReviews.ps1" 1>C:\GPOScripts\abc.log 2>&1

    In the last snap the endpoint machine is unable to fetch the task from Domain/GPO

  5. MotoX80 32,246 Reputation points
    2021-08-31T12:33:42.08+00:00

    I no longer have access to an Active Directory environment where I can recreate your issue. Based on experience, it would appear that you have one of 2 problems.

    1. The task is getting created, but it is hidden.
    2. The Group Policy is not being applied to the pc.

    From an admin command prompt on the client run these commands. Do you see your task name anywhere? 

    dir  /s /a /b C:\Windows\System32\Tasks | findstr -i  accessreview  
pause  
dir  /s /a-d C:\Windows\System32\Tasks

    Run regedit and search for the task name.

    127952-capture.jpg

    If you can't find it, then it would appear to be a group policy problem. From an admin command prompt run: 

    gpupdate /force  
gpresult /r /v

    You should see the name of your policy in the output.

    One other way to verify that the policy is being applied is to disable some service. In the policy where you defined the task, set some unused service like SNMP Trap or Telephony to disabled. Run gpupdate on the client and then check services.msc to see if the service startup type was changed.

    https://blog.eldernode.com/apply-group-policy-to-a-computer-in-active-directory/

    https://4sysops.com/archives/understanding-group-policy-order/

    0 comments