1

I have a Powershell script I need to deploy to my clients PC and then run it on shutdown.

I̶ ̶k̶n̶o̶w̶ ̶i̶t̶ ̶i̶s̶ ̶p̶o̶s̶s̶i̶b̶l̶e̶ ̶t̶o̶ ̶r̶u̶n̶ ̶P̶o̶w̶e̶r̶s̶h̶e̶l̶l̶ ̶s̶c̶r̶i̶p̶t̶s̶ ̶o̶n̶ ̶s̶h̶u̶t̶d̶o̶w̶n̶ (it seems I am having issues too with this), the problems is the script uses "local" path such as "$env:LOCALAPPDATA" and "C:\Windows\system32\someprogram.exe" so I think I need to copy it over first on the client's PC and then make it run on shutdown because of paths.

First off, what is the proper way to deploy a Powershell script to run on Shutdown thru group policy?

Is this the way it should be done?

riahc3
  • 505
  • 5
  • 11
  • 29

1 Answers1

1

Concerning local enviremental variables or paths in a powershell script, it is not important where the script file is located, but where it is executed.

Meaning, you just have to be shure that the paths and variables exist on the machine you want to execute the script on. Powershell will then use "his" local C:\Windows\System32\someprogram.exe, and not the one on the machine where the script file is located.

EDIT: Of course the client pc that wants to execute the script must reach the file somehow, so you must place it in a network share with proper security permissions or, if you use GPO for execution, in the sysvol share.

EDIT2:

Now the complete way for a shutdown powershell script delivered via GPO:

  • If you want to use a new GPO, create it.
  • Create the script you want to deliver.
  • Open Group Policy Editor on one of your DCs, and Edit the GPO you want to use for the shutdown script
  • Navigate to "Computer Configuration - Policies - Windows Settings - SCripts (Startup/Shutdown) - Shutdown"
  • Click "Add" - "Browse". Now you see the share path of the folder where Microsoft wants you to put the script. You can either use this path, or any other path in the Network with proper user rights.
  • Copy the script to the location you want it to be, best is to use the path predefined by Windows
    • if you want to use this predefined path, you have to know that the share path you see is write-protected. So you have to use the local sysvol path. Just replace \\yourdomain.local\SYSVOL\yourdomain.local by C:\Windows\SYSVOL\Domain
  • Now in the GPO-Window you can select the Script you want to execute - here you have to use the share path, not the local one!
  • while testing, also note that the Group Policy Object is saved after closing it. So if you change it and do not close the object, the changements won't take affect!
Tobias
  • 1,236
  • 1
  • 13
  • 25
  • But the Powershell script itself is on the server. Shouldnt that be deployed to the client PC and be ran on the client PC itself so it gets the local paths? – riahc3 Jul 31 '15 at 07:39
  • As i said: for what i know, powershell does not care where the file is located (concering the paths). The powershell process can run a script from a server share, but will always refer to local paths and variables. Of course the client pc that wants to execute the script must reach the file somehow, so you must place it in a network share or, if you use GPO for execution, in the sysvol share. – Tobias Jul 31 '15 at 07:41
  • For some reason, I can't put it in the sysvol share.....and I'm domain admin – riahc3 Jul 31 '15 at 07:58
  • i belive that by default the Sysvol-Share is write-protected, even for domain admins. You have to access the local source of the sysvol share, which should be found at C:\Windows\SYSVOL\domain - possible location for your scipts could be the folder "scripts". In the GPO you still have to refer to the network path to the sysvol share. – Tobias Jul 31 '15 at 08:02
  • Mine are located at: C:\Windows\SYSVOL\domain\Policies\{E7156B34-A712-4E18-8D83-83105207D870}\Machine\Scripts Is this normal? – riahc3 Jul 31 '15 at 08:08
  • This crazy long unreadable ID is the subfolder of a specific Group Policy Object. I'm just to lazy to use these locations, i put most of my scripts and files in C:\Windows\SYSVOL\domain\scripts. But in fact, i think your way is the one Microsoft wants us to use... :-D – Tobias Jul 31 '15 at 08:12
  • Testing this. It does not work on Windows 10 pre RTM so I have to boot up a Windows 7 SP1 machine just in case since almost all our machines are Windows 7 SP1. – riahc3 Jul 31 '15 at 08:15
  • Never mind. Your 6.1 point is just about copying the file, not actually getting it in the GPO. Like I suspected, in the GPO, I have to set it to the share path. – riahc3 Jul 31 '15 at 08:42
  • Does not work. Did gpupdate /force on both server and client. gpresult /r shows that the policy is being applied. Where can I check logs about this? – riahc3 Jul 31 '15 at 08:49
  • Let us [continue this discussion in chat](http://chat.stackexchange.com/rooms/26462/discussion-between-tobias-and-riahc3). – Tobias Jul 31 '15 at 11:52
  • Sure. If anyone would like to add input, please do so. – riahc3 Jul 31 '15 at 13:04