Заметки сисадмина » GPO to restart all computers in our Domain

Заметки сисадмина о интересных вещах из мира IT, инструкции и рецензии. Настраиваем Компьютеры/Сервера/1С/SIP-телефонию в Москве

GPO to restart all computers in our Domain

2020-11-13 · Posted in Active Directory

While you can create a Scheduled Task to reboot the computer at a certain time, (Computer Configuration -> Preferences -> Control Panel Settings, run the shutdown command with -R -F arguments), this won’t necessarily perform WSUS updates. What I’ve done for our servers is to set the following policies:

При работе с расширением клиентской стороны групповой политики «Назначенные задания» нельзя не обратить внимание на такой момент, как наличие назначенных и очередных заданий. Основное отличие между ними в том, что у вас есть возможность создания, обновления, замены или удаления такого задания, а при создании очередного задания, такая задача будет запускаться сразу после обновления групповой политики, а затем автоматически удаляться, причем, для очередных заданий нет возможности указания триггеров. Думаю, не стоит останавливаться на объяснении работы триггеров, а просто стоит обратить внимание на то, что триггерами называется набор условий, при выполнении которых запускается задание. Триггеры могут быть основаны на времени и запускать задание однократно в определенное время суток либо ежедневно, еженедельно или ежемесячно, или основаны на событиях, которые запускают задание при возникновении определенных системных событий.

Через политики вы не можете создать задачу или сервис и указать в ней пароль (так уже года 4 не работает) и связано это с тем что пароли храняться в политике в открытом виде и пол вашей компании может его без труда прочитать. А учитывая любовь создавать задачи/службы с правами домен админа, эта ситуация была феерична и MS эту дыру прикрыло.

Automatic Restarts Make for a Smooth Day

How many times has a reboot cleared out a quirky issue? How many times have you had to ask, “have you restarted yet?”  By using Group Policy Preferences Scheduled Tasks, you can ensure that every computer automatically reboots once a day.

This simple task allows software to install and updates to apply before your users arrive for the day.  Got five minutes to set this up? Great! Let’s configure a daily restart task.

Decide where to store the scheduled task. You could launch the GPMC and create a new GPO named Daily Restart. Or put the task in a related GPO (such as one that configures Power Options). Next, navigate to Computer Configuration/Preferences/Control Panel Settings/Scheduled Tasks.

Right click on Scheduled Tasks and select New – Scheduled Task (at least Windows 7).  Name your task and provide a description. Change the task’s account to NT Authority\System and select the Run whether user is logged on or not option.


Select the Triggers tab and create a new trigger. Set the task to begin on a schedule and select the Daily option. In our environment, the restart occurs before our first employees arrive.

You will want to set your task to begin early enough that you restart the maximum number of computers. Later, we will configure the task to not run if the machine is in use.


With your trigger is configured, select the Actions tab and create a new action. Leave the action type at Start a Program. For the program, enter:

shutdown.exe -r -f -t 0

This will forcefully restart a machine with a zero second delay. Make sure that your command includes a zero instead of the letter o. If your machines automatically start up in the morning, you could make your command shutdown.exe -s -f .

One last fun fact before we get back on topic. Shutdown.exe -i makes remotely shutting down groups of machines easy. You can even prompt a message up on a user’s screen. Now back to your regularly scheduled article.


In your Daily Restart task preference, select the Conditions tab. If needed, configure the task to start only if the machine is idle for X amount of time. Under Power, check all three options. This will ensure that remote laptops don’t scare their owners by restarting at 5 AM.

Allowing the task to Wake the computer to run might seem counter intuitive. If the machine is off, why would we want to wake it up just to restart it? Certain Group Policy settings only process on a true startup. The biggest example is Group Policy Software Installation.

If the machine hibernated the previous day, it would not install your applications until the next full reboot. Setting the task to wake the machine ensures a full restart every day!

The final bit of configuration that you might want to do is to limit the deployment of this task. For example, you might have certain machines that should never restart automatically. To do this, select the common tab and configure a new Item Level Target. My preferred method is limit deployment to all machines not in a specified security group.


Setting your computers to automatically restart is one more way to make your day smoother! What other tricks do you use to make life a bit simpler

GPO for Scheduled Task to reboot PC’s not showing up on desktops

We can try to configure the GPO as below:
1) Create an OU, put all the computers into this OU.
2) Create a GPO, and link it to this OU.
3) Locate at: Computer Configuration\Preferences\Control Panel Settings\Scheduled Tasks\right click Scheduled Tasks\New\Scheduled Task(At least Windows 7).
4)  Edit the GPO.

General tab:

Triggers tab:

Action tab:

In our case,  we’d like to change the reboot time at a specific time point once a week, instead.
Select Run only when user is logged on or Run whether user is logged on or not. 
We can try the steps above, if anything is unclear, please feel free to let us know.

Similar case:
Issues deploying a Scheduled Task through GPO

Configure a Scheduled Task Item


Tip: This answer contains the content of a third-party website. Microsoft makes no representations about the content of these websites. We provide this content only for your convenience.


Leave a Reply