Tip

Using Group Policy preferences for immediate and scheduled tasks

It's 3 p.m. on Friday. You've spent all day fixing your Windows Server Update Services (WSUS) server and you're almost ready to return it back to production use.

But there's a problem. Since

    Requires Free Membership to View

one of the fixes for the server involved changing its network address, you now have clients around the network whose local DNS cache contains old -- and useless -- information.

More on working with
 Microsoft Group Policy

General overview:
Basic Group Policy Tutorial

Recent tips:
Five Group Policy preferences you must implement right now

What's new:
Group Policy makes strides in Windows 2008 R2

So, what do you do?

While you could walk around the halls of your business running the ipconfig /flushdns command or rebooting every computer, these solutions are time consuming -- and impractical. A better way to run this simple command quickly across your entire infrastructure is to use one of the Group Policy preferences (GPPs) scheduling tools: Scheduled Tasks or Immediate Tasks.

Scheduled Tasks

Scheduled Tasks instruct a command to run at predetermined times. They work with a local computer's Task Scheduler console.

Since Scheduled Tasks can be deployed to any machine -- including those running older operating systems like Windows XP -- the same GPP can manage all the desktops in your environment.

The problem with these types of tasks is that they have to be scheduled. For a situation like the one above, an ipconfig /flushdns task needs to be created to occur in the future to ensure every client receives the GPP before it runs. Make a mistake and you'll have to start over.

Immediate Task

The pick-a-time-in-the-future problem with Scheduled Tasks is why Immediate Tasks are a great alternative solution.

Immediate Tasks run the command as soon as each client refreshes its Group Policy. While this means the "immediate" in the Immediate Task still requires a period of time equal to your Group Policy refresh interval, it's easier to manage in the short term .

An Immediate Task is created under Computer Configuration | Preferences | Control Panel Settings. Then select New | Immediate Task to launch the New Task Wizard. Windows 7 and Windows Server 2008 computers have a few more options than older versions. While all versions allow you to select the user account to run the task in, only the new OS versions let you limit task execution based on whether the user is logged on. In addition, new operating systems can run multiple Actions within a single task.

Once complete, Immediate Tasks automatically remove themselves from the Task Scheduler library, while Scheduled Tasks -- even one-timers -- do not. They require a follow-up Group Policy preference to clean up the list once a task is complete.

When creating tasks, remember that the scheduler only works with commands at the command line. In addition, it is also important to separate out the application you want to run from the arguments that modify its executable. For example, to successfully run ipconfig /flushdns in the situation above, you must enter the full path to the ipconfig.exe executable under Program/script (i.e. c:\windows\system32\ipconfig.exe). Complete the command by entering the /flushdns argument in the Add arguments box (optional).

To confirm that an Immediate Task ran, you have to dig through each client's Windows Event Log. Information about an individual GPP application is stored in the Group Policy Operational Log, located under Applications and Services in the Event Viewer. Look for Event ID 4016, which will notify you when the applicable Group Policy was detected.

To determine if the task actually ran, check the Task Scheduler Operational Log in the Event Viewer folder. This log will have a series of Event IDs, including Event ID 106 (registering the task), Event ID 107 (triggering the task) and Event ID 141 (deleting the registration).

ABOUT THE AUTHOR:
Greg Shields, MVP, is a co-founder and IT guru with Concentrated Technology with nearly 15 years of IT architecture and enterprise administration experience. He is an IT trainer and speaker on such IT topics as Microsoft administration, systems management and monitoring, and virtualization.


 

This was first published in March 2010

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.