• Hello,

    I read the following article on how to deploy a powershell script via GPO and "Scheduled Tasks", very clear and well done:

    Run PowerShell scripts as Immediate Scheduled Tasks with Group Policy

    I replicated the configuration but the GPO doesn't work in these points:

    1) in the GPO in the section Computer Configuration -> Windows Settings -> Files
    I copy a file from a network share (in DFS system) to local, and here I have already the first problem.
    The file is not copied from the share, but I have no evidence of why. I say that the share is shared in everyone fullcontrol and also the permisions on the share and the file to copy are in everyone fullcontrol.

    If instead I copy the file from the policy share :
    hostname.LOCALSysVolhostname.LOCALPolicies{75C67D02-588E-464B-BCAD-B6AB9E1584D7}MachineScriptsStartup
    then it is copied.
    I think it's a permissions problem, but I can't figure out why.

    2) In the Tasks scheduled I created the task following your article, the task is executed by returning (0x0).
    Even if the task has finished, the powershell script is not executed, or if it is executed it does not write a file in the share of the previouspoint.

    Where am I going wrong?

    3) In the windows eventview in the Applications section I have this warning :

    Event 4098 , Group Policy Scheduled Tasks
    Unable to apply the computer element "script" in the Group Policy object 'name{}'.
    Error code '0x80070005 Access Denied.'. Error cleared.

    Many thanks for any feedback.
    Best regards,

    Diego M.

  • Hi,

    if the customer has 2008R2 Forest mode (please don't laugh for that) how can we proceed about?

    Please consider as the DC servers are 2012 R2...

     

    Thanks.

    Best regards.

    Diego M.

  • Hi Leos,

    many thanks for your feedback but what about the BitLocker Drive Encryption Feature?

    Surfing the web I have read as follows:

    "Starting from Windows Server 2008, these attributes are available by default, but still require an additional configuration for further functioning. In the schema version of Windows Server 2012 and newer, this feature works “out of the box”. The same is applicable to the computers running the newest Windows Server 2019 build." (https://theitbros.com/config-active-directory-store-bitlocker-recovery-keys/)

    Thanks a lot.

    Best regards,

    Diego M.

     

  • Hi all,

    what I have mentioned is the feature name for Windows Server to enable the Recovery Keys writing within the AD Computer Ojbects.

    The customer needs to archive the recovery keys within AD.

    Thanks again.

    Best regards,

    Diego M.

  • Hi,

    could you please confirm if the BitLocker Drive Encryption feature should be installed on all domain controllers? I mean, if a customer has more than one domain controller, the feature should be installed on all of them, shouldn't it?

    Thanks a lot.

    Diego M.

  • Mingione became a registered member 1 year, 3 months ago

© 4sysops 2006 - 2022

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account