Tag: GroupPolicy

  • How to Schedule Windows Reboot with Group Policy

    How to Schedule Windows Reboot with Group Policy

    In this blog, I will walk you through how to schedule Windows reboot with Group Policy. This guide will be compatible with a Windows Server 2022 or a client operating system (Windows 10, 11).

    Creating Group Policy to Schedule Windows Reboot

    From a domain controller, create a group policy on the OU that includes the computers you want to restart, right-click on it, click Create a GPO in this domain, and link it here.

    Create a GPO in this domain and link it here

    Name the Group Policy and click the ok button.

    Create new group policy object

    Edit the group policy, which has just been created, right-click on it and select Edit.

    Edit GPO to schedule reboot windows server

    Go to the following location:

    Computer Configuration/Preferences/Control Panel Settings/Scheduled Tasks

    Right-click on scheduled tasks, click go to New and then click on Scheduled task (at least Windows 7).

    Scheduled task to restart Windows automatically

    On the General tab, name the task and indicate the user NT AUTHORITY\SYSTEM.

    Schedule Windows reboot with Group Policy

    We will now configure the triggers of the scheduled task. Select the Triggers tab and click on the New button.

    Create trigger to schedule restart windows

    Specify a scheduled time, select Daily to configure the execution time as per the requirement and click on ok to create the trigger.

    Create new trigger to schedule reboot

    The trigger is added.

    Schedule windows reboot via group policy

    Now, we are going to add our action, to restart a Windows computer. Select the Actions tab and click on New.

    Create action to schedule windows reboot

    Action: choose Start a program
    In the Program/script field: Type the below path:

    C:\Windows\System32\shutdown.exe

    Specify the following parameters: -s -t 0 -f to configure computer shutdown.
    (f for shutdown and type r for restart)
    Click OK

    Schedule reboot windows with group policy

    Select Apply and OK.

    Schedule reboot windows via group policy

    The scheduled task is added.

    Windows reboot automatically using group policy

    Our scheduled task is almost ready, and we need to configure the task to operate with the user not logged in and the highest privileges.
    Open the task by double-clicking on it; as shown in the screenshot below, the user has been changed.

    Schedule reboot windows properties

    Specify the NT AUTHORITY\SYSTEM user again.
    Select whether the user is logged in or not
    Check the box Run with highest privileges.
    Click OK

    Reboot windows automatically schedule

    Group Policy is ready.

    How to Verify Group Policy on a Computer

    From a PC where group policy applies, use the gpupdate /force command to update the GPOs and then restart the computer. From a PC where group policy applies, use the gpupdate /force command to update the GPOs and then restart the computer.

    Gpupdate /force command

    After restarting the system, log in to the task scheduler and then the task scheduler; you must open the task scheduler as an administrator, otherwise, you will only see the scheduled tasks of the logged-in user.
    As we can see, the scheduled task has been added, and the computer will automatically reboot every day as you configured it.

    Task scheduler library

    Conclusion:

    In this blog, you have learned how to create a group policy to create a scheduled task and how to program the automatic restart or shutdown of computers.
    This solution effectively allows the automatic shutdown of computers at a scheduled time; however, it is not possible to stop the task if, for some reason x or y, a user is still working on the computer. will be turned off.

  • How to Configure Folder Redirection with Group Policy

    How to Configure Folder Redirection with Group Policy

    This blog shows you how to configure folder redirection with group policy. How can you redirect a folder on the Windows Server with a group policy? Folder redirection is the method of keeping a profile folder from a network location or other location on the local computer. Most user profiles and settings are stored in a local profile. By redirecting folders, you can access data regardless of which computers you are logged in.

    Requirements

    Domain Controller Server (SRV2022)
    Client PC running Windows 11 (Windows11)

    Create a Shared Folder

    In the C drive, click on the Home tab and click New folder.
    Enter Redirection, and then press enter.

    Create a new folder

    Right-click the Redirection folder, and then click Properties.

    right-click folder

    Click on the Sharing tab and click on Share.

    Folder properties sharing tab

    Click the drop-down arrow, type Everyone, and click Add.

    Share a folder

    For Everyone, select the Permission Level Read/Write and click share.

    Shared folder read/write permission

    The folder is shared; click Done.

    Folder is shared

    Click close.

    Folder properties sharing tab

    Create a Group Policy to Redirect the Documents Folder

    Search Group Policy Management and open it.

    Search group policy management

    Right-click on your local domain, click Create a GPO in this domain and link it here.

    Create a gpo

    In the New GPO dialog box, in the Name box, type Folder Redirection, and click ok.

    Configure folder redirection with group policy

    Now, right-click on the Folder Redirection and select Edit to Configure Folder Redirection with Group Policy.

    Edit group policy

    In the Group Policy Management Editor, Go to:

    User Configuration\Policies\Windows Settings\Folder Redirection

    Right-click on Documents and select Properties.

    Folder redirection with group policy

    In the Document Properties, on the Target tab, click the setting drop-down arrow.
    Settings: Select Basic-Redirect everyone’s folder to the same location.
    From the Target folder location, select Create a folder for each user under the root path.
    In the Root Path, type \DC2022\Redirection, and select ok.

    Configure Folder Redirection with Group Policy

    In the Warning dialog box, select Yes.

    Folder redirection warning

    Close the Group Policy Management Editor.

    How to Test Folder Redirection

    Sign in to Windows11 as Windows11\Administrator with the password.

    Open the command prompt, enter the following command, and hit Enter:

    Gpupdate /force

    Type Y and press Enter.

    gpupdate /force command

    Login again
    Right-click on Documents and select Properties.

    Right-click on documents

    Verify that on the General tab, the Location field has a value of.
    \SRV2022\Redirection\user.

    Verify folder redirection
  • How to Map Network Drives via Group Policy

    How to Map Network Drives via Group Policy

    In this blog, you will learn how to map network drives via Group Policy in Windows Server 2022. How can I configure a GPO for mapping shared drives and automatically provide users with access when they log on? Providing users with access to shared folders can be beneficial. It allows you to control your IT infrastructure while allowing people to share the necessary resources.

    Map Network Drives via Group Policy

    Map a Department Network Drive

    I will map network drives with group policy for the Accounts department. I will use item-level targeting, so it only maps this drive for users in the Accounts organization unit.
    You could also use a Security Group to target a certain group of users. This will be mapped to a network share that only the HR department has access to.
    I have created two shared folders (Shared for Accounts department and Users for individuals).

    Open the users’ folder.

    Windows explorer new volume

    Right-click on a user, select properties and verify the permissions.

    Folder properties in Windows

    Active Directory Users and Computers

    We have created organization units (Account, etc.….) in the Active Directory users and computers. I am going to map a network drive for accounts departments. I have moved a user named user2 to the accounts organization unit.

    Active directory users and computers

    Open the Group Policy Management Console by searching in Windows.

    Search group policy management

    In the Group Policy Management Console, click on the group policy object and select Create a new GPO.

    Create new group policy object

    You can name the new GPO whatever you like; I’ve created a map network drive for all computer users.
    I can also add additional drive mappings to this GPO.

    New GPO name

    The new GPO is now created and linked, so it is time to configure the settings.

    Configure GPO Settings

    Right-click on the GPO (Map Network Drives) and select edit.

    Edit group policy objects

    Access User Configuration/Preferences/Windows Settings/Drive Mappings.
    Right-click Drive Maps, Select New and then Mapped Drive.

    Map network drives via GPO

    Configure Drive Mapping Properties

    General Tab Settings
    Action updates
    Locate the path to the shared/folder you want to map a drive.
    Select a drive letter
    Label as: This is optional, but may be beneficial for users.

    Configure map network drive via GPO

    Click on the Common Tab
    Select Run in the logged-on user’s security context.
    Select Item-level Targeting
    Click on the Targeting Button

    Map network drive targeting

    Select New Item
    Select Organization Unit

    targeting Map network drive

    Click on the three dots buttons.

    Map network drive targeting editor

    Select your OU, the one you want to use for this network drive mapping.

    Find custom search

    Click ok.

    Map network drive targeting

    Click the ok button to close the new drive properties.

    New map drive properties

    This completes the GPO settings.

    Group policy management editor

    This will be a user-based GPO, so make sure you link it to a location that will attract users. I have all my users separated into an OU called Accounts so that I can create and link the GPO there.

    Right-click on an Organization Unit and select the existing GPO.

    Group policy management

    Select a group policy object (Map Network Drives) and click ok.

    Link existing group policy objects

    Now you can see the GPO successfully linked.

    Group policy objects link enabled

    Log in with a user’s PC, and you can see the map drive not displayed.

    This PC

    Reboot User’s Computer to Process GPO

    I must reboot the user’s PC or run gpupdate /force.

    Gpupdate /force

    The next time a user from the accounts users logs in, they should be able to see a mapped drive.

    This PC mapped network drives

    In the active directory users and computers, now, any user I put in the HR folder can access this drive. If you don’t want to use an organizational unit, you can also target a group of users by using a Security group.

    Active directory users and computers

    Map a Network Drive Using Group Policy for Individual Users

    This example maps a drive for individuals, providing each user with a personal folder to save files.
    You can create a new GPO or add to an existing one, I have all my drive mappings available in one GPO.

    This example requires a folder to be created on a network share that matches the user’s login name. You will need to modify the NTFS permissions so that only the individual user has permission to access it.

    Create Roaming Profiles

    Roaming profiles allow users to log on to any computer in their organization and have all their personal files and settings available to that computer. This is a powerful feature that is easy to configure.
    Create a folder on your server’s local hard drive.
    Click the folder you created, scroll down, and click Properties.

    Select folder properties

    Open the sharing tab and click Advanced Sharing.
    Check the Share this Folder and click on Permissions.
    Select Everyone from Group or usernames and click Remove.
    Click Add and add a user to who you want to provide access.
    Click on the security tab and select edit.

    Folder properties security tab

    Select add

    Permissions for shared folder

    Enter a user and select click ok.

    Enter the object name to select

    Allow full control by checking the checkboxes and clicking OK.

    Permissions for share folder

    Active Directory Users and Computers

    Select all users who would like their roaming profile to be created. Right-click and click Properties.

    active directory users and computers

    Check the connect under the home folder and use a letter to map the network drive. Provide the network path of the folder you copied. It should be in the format \ServerName\FolderName\%username%. Click OK. You are creating a roaming profile for Active Directory users.

    Map network drive for user

    Click ok.

    Active directory domain services warning

    Now login with the user’s PC.

    Map network drive

    Please visit Microsoft to learn more about GPO.

    #MapNetworkDrive #GroupPolicy #WindowsServer2022 #gpo