A task I’m asked to do often is launching PowerShell script for all desktops and servers on a domain. While I’ve been doing this for years, perhaps a short article is worthy of this topic.
Create a GPO and place it in your root or OU folder, I’ll leave this up to you.
I prefer doing it on computer startup instead of doing it per user, below is the path:
Computer Configuration -> Policies -> Windows Settings -> Scripts (Startup / Shutdown)
Now select Startup policy and navigate to the Powershell Scripts tab.
Note: you should have placed your script in the scripts folder inside of the sysvol folder on your domain controller.
Add the PowerShell script you want to push via GPO.
Note: make sure you set the permissions of Domain Computers on the PowerShell script and ensure it has the Read & Execute permission assigned.
After the PowerShell script has be added to the Startup Policy, click on the Edit button.
Add in this parameter:
-Noninteractive -ExecutionPolicy Bypass –Noprofile -file %~dp0powershellscript.ps1
Take note of this command:
This simply implies for the parameters to look in the Sysvol folder when the script is launched from the client
Lastly, you need to set a logon script delay for a few minutes for the script to be applied on startup, this is accomplished by navigating to this location in the GPO:
Computer Configuration -> Administrative Templates -> System -> Group Policy
Find the policy labeled:
Configure Logon Script Delay
Set the policy to “Enabled” and specify 2-3 minutes and then click on apply and close the GPO.
Then all you need to do is a GPO update for the OU in the GPOM or manually from each desktop you want this to be applied.