GPO Startup Script

I am having an issue with a Function I am calling in a startup script on Server 2008 R2. The function runs the Register-ScheduledJob cmdlet, which in turn creates a task that schedules the running of the Disk Cleanup Tool monthly on the user’s local disk.

I am struggling because I have tried to apply basic troubleshooting (I am still raw with Powershell), so have run from the PS console each line within the function. I have executed the function manually, I have created a Start-Job cmdlet that runs the Powershell script from within the console. All these steps cause the Scheduled Job to be created. However it does not appear to run when applying Group Policy on startup.

There is nothing wrong with the GPO, since I had other PS Scripts inside, including one that wrote to the HKLM: Branch in the registry…My understanding is that the script on startup runs as the SYSTEM Account, as I type this I am thinking is it because it would need to save the xml in the ScheduledJob folder in the SYSTEM Profile which does not exist. Am I therefore needing to offer it alternate credentials…any advice would be much appreciated.

This is a “problem.” Magazines have “issues.” :slight_smile:

My initial suspicion would indeed be permissions. The SYSTEM account has limitations, and it might not be permitted to mess with scheduled jobs. It isn’t just that it needs to save XML; it’s the APIs it has to talk to. And I’m not sure there’s an effective means of adding alternate credentials. GPO scripts aren’t necessarily built with this use case in mind. Is this just a one-time task? Seems like it’d be easier to just do it remotely than via a GPO.

Hi Don, good to talk to you. Really appreciate the time you took with CBNuggets videos. Learning alot…Anyways enough brown nosing. :slight_smile:

I know it works as a remote command and I have whilst trialing added the jobs to virtual desktops, but I was hoping to use this as a last resort for this, and future scheduled tasks…As a Service Provider we host SMB’s within our Shared Active Directory environment and for future deployments I would be much happier not relying on someone else to register the scheduled jobs.

I guess I was just hoping it was something I could apply through Group Policy and then never worry about future tenants…

How about using GP Preferences to create a new scheduled task? This task can easily be configured to run a powershell script to do the cleanup.

Another option you could try may be just to use a combination of good old netlogon and schtask, filtering if necessary by group membership. You could also use this for the process of actually copying the .xml file down to the client first before you register the task with schtasks. No PowerShell used, but unless you’re fixed on using PS for the sake of using PS, then maybe its a better option.

Thanks everyone for your assistance. Just to let you know how I resolved my problem (eh Don!) I followed Matt’s advice and created a Scheduled Task in the Preferences section of Group Policy, but then configured an argument which used settings I scripted with Powershell, defining what was to be cleaned up.