How to Deploy a PowerShell Script Using GPO

In this tutorial, you will learn how to deploy a PowerShell Script using GPO to configure your AD DS Server infrastructure.

 

Group Policy Objects, also known as GPOs, are rules set on an Active Directory domain that are then run on the various devices that use the service. They can apply to either devices or users and determine what software they can install or use, what resources they can access, etc.

 

 

Before you begin:

 

To successfully complete this tutorial and deploy a PowerShell script using GPO, you will need to:

  • Have registered on the Jotelulu platform and have logged in.
  • Have a Windows Server with AD DS Server installed.
  • Have an account with administrator privileges.

 

Part 1 – Preparing the Code

The first thing to do is prepare the PowerShell code that you wish to run. For the purposes of this tutorial, we are going to create a script that maps a network resource for users, but in reality, this method can apply to many other procedures such as printer mapping, deploying software, creating backups, etc.

To map a network drive using PowerShell, use the “New-PSDrive” command. You can find the syntax for this command here at Microsoft Learn.

For this tutorial, we will use the simple syntax shown below:

New-PSDrive -Name "P" -PSProvider FileSystem -Root "\\SW2022NACHO01\Shared" -Persist

Where:

  • Name is the name of the drive (a letter) that is used to identify the drive on the system.
  • Root is the root folder of the mapped resource.
  • Persist indicates that the resource will remain mapped after reboot.

Part 1 – Check that the script is correct

Once you have established the PowerShell command, commands or script that you wish to use, you need to create an executable file. You can do this the same way as you would create any of the classic script files like “.bat”, “.cmd” or “.vbs”. For PowerShell scripts, the file extension is “.ps1”.

 

Part 2 – Prepare the Policy for Execution

Next, you need to launch the Group Policy Management Console by running GPMC.msc with administrator privileges. You can also launch the GPMC from the Tools menu of Server Manager.

Part 2 – Launch the GPMC from the Tools menu in the Server Manager

Next, right-click on the domain name and select the option “Create a GPO in this domain, and Link it here”.

Part 2 – Select the option to create a GPO in this domain and link it here

You will then see a window asking for a name for the new GPO.

Part 2 – Give the new GPO a name

Then, in the Group Policy Manager window, browse for the GPO that you just created, right-click on it and click on “Edit”.

Part 2 – Edit the GPO that you just created

This will open the Group Policy Management Editor, which will show a neutral folder location.

Part 2 – General view of the GPO editor

At this point, you need to decide how you wish to deploy your GPO. You have two options:

  • Startup/Shutdown: To run the PowerShell script whenever the device starts up or shuts down, go to “Computer Settings > Policies > Windows Settings > Scripts (Startup/Shutdown)”.
  • Logon/Logoff: To run the PowerShell script whenever a user logs on or off, go to “User Settings > Policies > Windows Settings > Scripts (Logon/Logoff)”.

For this tutorial, we want to run the script whenever the user logs on, so we will choose the second option. Right-click on “Logon” and select “Properties”. Then, click on the “PowerShell Scripts” tab.

Part 2 – Right-click on “Logon” and select your PowerShell scripts

Lastly, click on the “Add” button, browse to the folder where your script is saved and select the script.

Part 2 – Add the script that you wish to run

Your GPO and script should now be configured. To check this, go to the Group Policy Manager and search for your GPO. Then, check its status and see if it is linked to the script.

Part 2 – Check that the GPO for the script is active
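
A logon script linked through a GPO runs in the session of every user the policy applies to, so the script file should be writable only by administrators. The following added example (not part of the original tutorial) lists write-capable ACL entries held by non-administrative principals and reports the script's Authenticode signature status; the function name Test-LogonScript, the allow-listed SIDs and the temp-file sample are assumptions made for illustration.

```powershell
# Added example: audit a script file before a GPO runs it for every user at logon.
function Test-LogonScript {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "Script not found: $Path"
    }

    # Rights that let a principal change the file's content, ACL or owner.
    $writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'
    # Unmapped generic bits (GENERIC_WRITE | GENERIC_ALL) can appear on some ACEs.
    $writeMask = $writeMask -bor 0x50000000

    # Assumed allow-list: SYSTEM, BUILTIN\Administrators,
    # Domain Admins (RID 512) and Enterprise Admins (RID 519).
    $trustedSids = '^(S-1-5-18|S-1-5-32-544|S-1-5-21-[\d-]+-(512|519))$'

    $acl = Get-Acl -LiteralPath $Path
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $risky = $acl.GetAccessRules($true, $true, $sidType) | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.FileSystemRights -band $writeMask) -ne 0) -and
        $_.IdentityReference.Value -notmatch $trustedSids
    }

    [pscustomobject]@{
        Path            = $Path
        Owner           = $acl.Owner
        SignatureStatus = (Get-AuthenticodeSignature -FilePath $Path).Status
        RiskyWriteAces  = @($risky | ForEach-Object {
            '{0}: {1}' -f $_.IdentityReference.Value, $_.FileSystemRights
        })
    }
}

# Constructed sample: the tutorial's one-line script written to a temp file.
# For a real check, pass the path of the .ps1 you added to the GPO instead.
$sample = Join-Path $env:TEMP 'MapDrive.ps1'
Set-Content -LiteralPath $sample -Value 'New-PSDrive -Name "P" -PSProvider FileSystem -Root "\\SW2022NACHO01\Shared" -Persist'
$result = Test-LogonScript -Path $sample
$result | Format-List
if ($result.RiskyWriteAces.Count -gt 0) {
    Write-Warning 'Non-administrative principals can modify this script.'
}
```
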

 

Conclusion

As you can see in this tutorial, it is fairly simple to create Group Policies that run PowerShell scripts or other commands to trigger actions on domain objects (such as users, groups or devices).

If you would like to find out more about this topic, we recommend checking out the following links, where you will find additional information and some practical examples of what you can achieve with GPOs.

Thanks for reading!
