Sunday, March 13, 2011

Domain Computers - Scheduled Reboot

Ever been assigned the task to set up nightly reboots of all your domain computers? I haven't. 
I have however been asked how to do this. Now, I'm pretty sure you can deploy this using for example SCCM, if it's available to you, but lets assume it isn't. So we'll go about this another way.

What about a GPO setting? Well, as far as I know (feel free to correct me) there isn't a GPO setting to configure a scheduled reboot (recurring or not).

You can use shutdown.exe /m to reboot a remote computer, but that's really for a one time thing, on one or a couple of computers. Running shutdown /m on all domain computers every night is not something I'd look forward to at least!

But what if we could make each computer run shutdown.exe on its own? I think we may be on to something!

So, lets write a batch file, shall we? How about we want all computers rebooted at 4 in the morning?

This is what the batch file would look like:
at 04:00 shutdown.exe /f /r /t 60

When this runs it will schedule the command "shutdown.exe /f /r /t 60" to be run at 04:00. It will also force (/f) any open programs to close, then reboot (/r) the computer after 60 seconds (/t 60). If anyone is using their computer at 4 AM, they'll have 60 seconds to save their work before it reboots itself. Once the task has been run, it's automatically removed. 

The next step is to create a new GPO and assign this batch file as a startup script. The reason I say create a new GPO is because you don't want to include something like a mandatory reboot in your default computer policy. 
Why, you ask? 
Well, image that you do configure this in your standard policy and everything is working just fine, until you receive that e-mail from the boss saying x, y and z computers have a business need to not be included in the nightly reboot. Now what? They're supposed to have the same settings as all other computers, except for the mandatory reboot. You've effectively painted yourself into a corner. 

This is why you create a new GPO and a security group. Name the GPO something along the lines of "Computer Nightly Reboot", and the group "Excluded from Nightly Reboots". Assign the batch file as a computer startup script, and deny the security group the right to apply the policy settings. This way, if any computer is going to be excluded from the reboots, just add them to the security group. Problem solved! 

A one time option to prevent a computer from rebooting is to log on to the computer (or use psexec) and run "at <task id> /delete", which will remove the task from the list. If the reboot has already been triggered, you can use the command "shutdown -a" to abort it. 

This post only explains how to do this using a batch file and a GPO computer startup script, but if Group Policy Preferences (GPP) are available to you, it's also possible to use them to configure a scheduled task for the computer. If you want to schedule a weekly reboot instead of a nightly, GPP is probably the best way to go. Although you can also use startup scripts, and perhaps a more advanced VBScript solution to either create a scheduled task, or to first check what day of week it is and if it's, say friday, schedule the reboot. 

No comments:

Post a Comment