Skip to main content

Rebooting Clients with PowerShell Part 2 of 2



Last Tuesday, we looked at how to reboot/shutdown/logoff remote clients in powershell. We also looked the GPO settings to allow you to do this to any client. Now, we are going to allow you to do this to multiple clients all at once.

First off, the original objective of this post was to recreate a script that I used in VBScript to reboot my servers during the wee morning hours so I would not have to get out of bed. So, before proceeding any further, please create a service account with appropriate rights. In 2008, there is an OU called Managed Service Accounts. Why not place it there.

OK, here are our tasks:
• Create a text file containing the names of the clients that we want to reboot.
• Create a script that reads each file and reboots the correct client.
• Create a scheduled task for you to designate when this should happen.

Task 1: Create a text file containing the names of the clients that we want to reboot.
This is a simple one. Just create a text file and put one client name per line. Save it in a location that the service account has access to. By using this text file, you will be able to easily add and remove client names.

Task 2: Create a script that reads each file and reboots the correct client.
# ======================================
# Script Name:
# Author: Jason A.Yoder, MCT
# Company: MCTExpert, Inc.
# Website: www.MCTExpert.com
# Blog: www.MCTExpert.blogspot.com
# Version: 1.0
# Created: Aug. 9, 2009
# Purpose: This script is designed to allow
# Network Administrators the ability
# too schedule the rebooting of any of
# their client.
# ======================================

# ======================================
# Script Body
# --------------------------------------

#Load the list of clients.
$ClientList = gc c:\ClientList.txt

# Cycle through each name on the list and Force Reboot
# that client.
ForEach ($Comp in $ClientList)
{
$CompObj = gwmi Win32_OperatingSystem –computer $Comp
$CompObj.Win32Shutdown(6)
}


# ======================================
# End of Script Body
# ======================================

In the above script, we are assuming that the text file containing the names of the clients to reboot is contained at c:\ClientList.txt. We use the Get-Content, or GC, cmdlet to read the contents into the variable $ClientList. From there we use the ForEach loop to cycle through each client and reboot it. You should recognize the two lines of code from part I of this article.

Task 3: Create a scheduled task for you to designate when this should happen.
PowerShell has some built in security. If you double click on a .PS1 file (PowerShell script), it just opens in Notepad. That is by design. You can execute a command line to run the script without opening the PowerShell Shell.

The command to do this is: PowerShell.exe FilePath\Filename.ps1

The problem here is that you need to run the Set-ExecutionPolicy command from inside of PowerShell to allow scripts to run. Running this command will only error out:
File ----- cannot be loaded because the execution of scripts is disabled on
This system. Please see “get-help about_signing” for more details.”

To fix this problem, you need to set the execution policy in Group Policy.
• Open Group Policy Editor.
• Create or edit the policy that will control the client that the script is running on.
• Expand: Computer Configuration --> Policies --> Administrative Templates --> Windows Powershell.
• Open Turn on Script Execution.
• Select Enabled
• From the drop down box, select Allow local scripts and remote signed scripts.
• Click OK.
• Close Group Policy Management Editor.
• Make sure you refresh the policy on the computer that the script will run on.

Now that we have set the Execution Policy, we can create the scheduled task.

• Click Start.
• Right Click Computer and select Manage.
• Click Configuration --> Task Schedular.
• Click Create Task from the Actions pane.
• Provide a name and description for this task. Remember, you want other people who may look at your work to be able to understand it.
• Click Change User or Group.
• Provide the credentials for your service account.
• Click the Triggers tab.
• Click New.
• Select One Time for the frequency.
• Give it the date and time you want this task to run. Remember, this is a forced reboot. Make sure you are not interfering with work or backups.
• Click Actions tab.
• Click New.
• Click Start a program and click Next.
• In the Program/Script field type powershell.exe FilePath\FileName.ps1.
• Click OK.
• If you are prompted about running a program with arguments, click Yes.
• Click OK

From here on out, each time you need to use the task, just edit the trigger for the date and time that you want. A lot of work, but we learned many key activities in both part I and part II

• How to create an instance of a WMI Object.
• How to enumerate the methods and properties of an object.
• The different shutdown parameters available in Win32_OperatingSystem.Win32Shutdown.
• How to open PowerShell with administrative credentials.
• How to manually allow PowerShell to execute scripts on remote computers.
• How to configure PowerShell to execute scripts on remote computers via Group Policy.
• The PowerShell cmdlets that let us read text files into our scripts.
• How to execute a PowerShell script without having to open PowerShell.
• How to set the Execution Policy through Group Policy.
• How to create a Scheduled Task.

By the way, That VB script had 58 lines of code in the main code, and 1 function with 25 lines of code. We did this in 6 lines of code with no functions. Can you see any advantages to PowerShell now?


Comments

Popular posts from this blog

How to list all the AD LDS instances on a server

AD LDS allows you to provide directory services to applications that are free of the confines of Active Directory.  To list all the AD LDS instances on a server, follow this procedure: Log into the server in question Open a command prompt. Type dsdbutil and press Enter Type List Instances and press Enter . You will receive a list of the instance name, both the LDAP and SSL port numbers, the location of the database, and its status.

How to run GPResult on a remote client with PowerShell

In the past, to run the GPResult command, you would need to either physically visit this client, have the user do it, or use and RDP connection.  In all cases, this will disrupt the user.  First, you need PowerShell remoting enabled on the target machine.  You can do this via Group Policy . Open PowerShell and type this command. Invoke-Command –ScriptBlock {GPResult /r} –ComputerName <ComputerName> Replace <ComputerName> with the name of the target.  Remember, the target needs to be online and accessible to you.

Error icon when creating a GPO Preference drive map

You may not have an error at all.  Take a look at the drive mapping below. The red triangle is what threw us off.  It is not an error.  It is simply a color representation of the Replace option of the Action field in the properties of the drive mappings. Create action This give you a green triangle. The Create action creates a new mapped drive for users. Replace Action The Replace action gives you a red triangle.  This action will delete and recreate mapped drives for users. The net result of the Replace action is to overwrite all existing settings associated with the mapped drive. If the drive mapping does not exist, then the Replace action creates a new drive mapping. Update Action The Update action will have a yellow triangle. Update will modify settings of an existing mapped drive for users. This action differs from Replace in that it only updates settings defined within the preference item. All other settings remain as configured on the ma...