It's 3 p.m. on Friday. You've spent all day fixing your Windows Server Update Services (WSUS) server and you're...
almost ready to return it back to production use.
But there's a problem. Since one of the fixes for the server involved changing its network address, you now have clients around the network whose local DNS cache contains old -- and useless -- information.
So, what do you do?
While you could walk around the halls of your business running the ipconfig /flushdns command or rebooting every computer, these solutions are time consuming -- and impractical. A better way to run this simple command quickly across your entire infrastructure is to use one of the Group Policy preferences (GPPs) scheduling tools: Scheduled Tasks or Immediate Tasks.
Scheduled Tasks instruct a command to run at predetermined times. They work with a local computer's Task Scheduler console.
Since Scheduled Tasks can be deployed to any machine -- including those running older operating systems like Windows XP -- the same GPP can manage all the desktops in your environment.
The problem with these types of tasks is that they have to be scheduled. For a situation like the one above, an ipconfig /flushdns task needs to be created to occur in the future to ensure every client receives the GPP before it runs. Make a mistake and you'll have to start over.
The pick-a-time-in-the-future problem with Scheduled Tasks is why Immediate Tasks are a great alternative solution.
Immediate Tasks run the command as soon as each client refreshes its Group Policy. While this means the "immediate" in the Immediate Task still requires a period of time equal to your Group Policy refresh interval, it's easier to manage in the short term .
An Immediate Task is created under Computer Configuration | Preferences | Control Panel Settings. Then select New | Immediate Task to launch the New Task Wizard. Windows 7 and Windows Server 2008 computers have a few more options than older versions. While all versions allow you to select the user account to run the task in, only the new OS versions let you limit task execution based on whether the user is logged on. In addition, new operating systems can run multiple Actions within a single task.
Once complete, Immediate Tasks automatically remove themselves from the Task Scheduler library, while Scheduled Tasks -- even one-timers -- do not. They require a follow-up Group Policy preference to clean up the list once a task is complete.
When creating tasks, remember that the scheduler only works with commands at the command line. In addition, it is also important to separate out the application you want to run from the arguments that modify its executable. For example, to successfully run ipconfig /flushdns in the situation above, you must enter the full path to the ipconfig.exe executable under Program/script (i.e. c:\windows\system32\ipconfig.exe). Complete the command by entering the /flushdns argument in the Add arguments box (optional).
To confirm that an Immediate Task ran, you have to dig through each client's Windows Event Log. Information about an individual GPP application is stored in the Group Policy Operational Log, located under Applications and Services in the Event Viewer. Look for Event ID 4016, which will notify you when the applicable Group Policy was detected.
To determine if the task actually ran, check the Task Scheduler Operational Log in the Event Viewer folder. This log will have a series of Event IDs, including Event ID 106 (registering the task), Event ID 107 (triggering the task) and Event ID 141 (deleting the registration).
More on working with �Microsoft Group Policy
- General overview:
Basic Group Policy Tutorial
- Recent tips:
Five Group Policy preferences you must implement right now
- What's new:
Group Policy makes strides in Windows 2008 R2
ABOUT THE AUTHOR:
Greg Shields, MVP, is a co-founder and IT guru with Concentrated Technology with nearly 15 years of IT architecture and enterprise administration experience. He is an IT trainer and speaker on such IT topics as Microsoft administration, systems management and monitoring, and virtualization.