The Group Policy snap-in, installed with the Administration Tools, allows you to create, edit, and remove script assignments. These settings are stored as a part of the GPO. You can create script assignments for either computers and/or users.
New Script Assignment
-
In the GPMC, expand your domain node and locate the Group Policy Objects node.
- Right-click on the desired GPO and click Edit…
-
In the Group Policy Management Editor, expand
Computer Configuration or User Configuration,
Policies, Systems Management, and select
Specops Command.
NOTE
The
Specops Command node allows scripts to be executed in both the computer and user context.
- Click New Script Assignment.
Configure Script Assignment
-
In the Script Assignment name text field, enter a descriptive name for the script assignment.
-
Specify the desired script language from the
Script language drop-box.
-
Use the Script editor to write your PowerShell script or VBScript. Alternatively you can import a saved script from file. Opening a saved script will replace the script in the script editor.
-
Use the Send feedback drop-box to configure the feedback options.
Feedback | Description |
Always |
Feedback will be sent every time a client executes the script, regardless of the outcome.
|
On error |
Feedback will only be sent if an error occurs when executing the script.
Note: This can be useful for limiting network traffic if scripts are executed often and on multiple computers.
|
Never | No feedback will be sent when executing this script. |
-
Click Test Script to execute the script on the local machine.
NOTE
It is important to run the script before sending it to clients to ensure that there are no errors in the script.
-
Click Sign Script… to sign the PowerShell script from
Specops Command using a certificate with a private key.
- Browse to the location of the PFX file.
- Enter the certificate password, and click OK.
- To save the script assignment, click OK.
Undo script
Use the Undo script tab to undo the script for computers when they fall out of the scope of management.
-
Enable the Undo script enabled checkbox to be able to add an undo script to the script assignment.
-
Specify the desired script language from the
Script language drop-box.
-
Use the Script editor to write your PowerShell script or VBScript. Alternatively you can import a saved script from file. Opening a saved script will replace the script in the script editor.
-
Use the Send feedback drop-box to configure the feedback options.
Feedback | Description |
Always |
Feedback will be sent every time a client executes the script, regardless of the outcome.
|
On error |
Feedback will only be sent if an error occurs when executing the script.
Note: This can be useful for limiting network traffic if scripts are executed often and on multiple computers.
|
Never | No feedback will be sent when executing this script. |
-
Click Test Script to execute the script on the local machine.
NOTE
It is important to run the script before sending it to clients to ensure that there are no errors in the script.
-
Click Sign Script… to sign the PowerShell script from
Specops Command using a certificate with a private key.
- Browse to the location of the PFX file.
- Enter the certificate password, and click OK.
- To save the script assignment, click OK.
Target
Use the Target tab to scope which computers or users will receive the script assignment. A target consists of a set of criteria which the client will match against its own environment.
- Enable the Targeting enabled check-box.
-
Select the Add target criterion drop box. You can add the following criteria:
Criteria | Description |
---|
Membership criteria |
The Membership criteria consists of the following items:
- Security groups
- Organizational units
- User name
- Computer names
- Sites
- IP address range
|
Environment criteria |
The Environment criteria consists of the following items:
- Environment variables
- Registry settings
- Operating system languages
|
Hardware criteria |
The Hardware criteria consists of the following items:
- BIOS
- Computer model
- Processor type
- Disk free space
- Memory size
|
Software criteria |
The Software criteria consists of the following items:
- Operating systems
- Installed software
- Files
|
WQL | Query the Windows Management Instrumentation. |
-
Once you have added the target criteria, they will be displayed in the list. From the list you can edit or remove a criterion.
Schedule
Use the Schedule tab to specify when and how often a script assignment should be executed.
-
Enable the Scheduling enabled checkbox.
NOTE
If this option is not enabled, the script assignment will be applied at every Group Policy interval both in foreground and background processing mode.
-
You will have the following options:
Interval | Description |
---|
Once |
GPO executes script only once for the computer or user.
Note -
If Once is set in combination with foreground in the computer part of the GPO, the GPO will affect the computer the first time it is re-started after the CSE is installed.
-
If Once is set in combination with foreground in the user part of the GPO, the result will be that the GPO will only affect the user the first time he/she log on to a computer after the CSE is installed on the computer.
|
Daily |
GPO executes script daily. This is similar to the Every group policy interval option with the exception of allowing a time window to be used.
|
Weekly | GPO executes script on specific days of the week. |
Monthly |
GPO executes script on one or more specified days each month.
|
Every group policy interval |
GPO executes script every time the policies are applied for the computer or user.
|
-
If you have selected the daily, weekly, or monthly interval, you can configure when for each interval the settings should be executed.
-
From the Time windows settings you can also configure
UTC time and Only once per time window.
-
You can schedule scripts during both during booth and/or logon (foreground mode) and every group policy interval (Background mode). Enable the GPO Processing mode you would like to use.
Note: If you select both, you will
have the option to require synchronous mode.
Edit Script Assignment
-
In the GPMC, expand your domain node and locate the Group Policy Objects node.
- Right-click on the desired GPO and click Edit…
-
In the Group Policy Management Editor, expand
Computer Configuration or User Configuration,
Policies, Systems Management, and select
Specops Command.
-
Select the script assignment you want to edit, and click
Edit Script Assignment.
- Make the necessary changes, and click OK.
Delete Script Assignment
-
In the GPMC, expand your domain node and locate the Group Policy Objects node.
- Right-click on the desired GPO and click Edit…
-
In the Group Policy Management Editor, expand
Computer Configuration or User Configuration,
Policies, Systems Management, and select
Specops Command.
-
Select the script assignment you want to delete, and click
Delete Script Assignment.
- Click Yes in the Delete script assignment dialog box.
Detailed Feedback
After the Group Policies have been applied, you can view detailed feedback for a script assignment.
-
In the GPMC, expand your domain node and locate the Group Policy Objects node.
- Right-click on the desired GPO and click Edit…
-
In the Group Policy Management Editor, expand
Computer Configuration or User Configuration,
Policies, Systems Management, and select
Specops Command.
-
Select the desired Script assignment, and click
Detailed Feedback.
-
Use the top pane to set up the filter. You will have the following filter options:
Option | Description |
---|
Succeeded executions |
The feedback will only display script executions that were completed without errors.
|
Failed executions |
The feedback will only display failed script executions.
|
Both |
The feedback will display both succeeded and failed script executions.
|
Normal executions |
The feedback will only display script executions that are not Undo executions.
|
Undo Executions |
The feedback will only display undo script executions. Undo scripts are executed when a script assignment falls out of the scope of management for a computer or user.
|
Both |
The feedback will display both normal and undo script executions.
|
All time |
The feedback will display all executions regardless of when they happened.
|
Not older than |
The feedback will display executions on or after the selected date.
|
-
Click Display to load the information according to the filter.
-
You can remove dated information using the
Delete Selected feedback Select the feedback you want to remove and click Delete Selected feedback.
Note: If the script is executed again for the same computer or users, new feedback will be sent to replace
the deleted information.
Powershell Snap-ins
PowerShell Snap-ins provide cmdlets and providers as well as other capabilities. If you use a cmdlet in a script that Snap-in must be present on the client for it to process. In
Specops Command you can add PowerShell Snap-ins to be packaged and deployed to clients. You can also ensure these Snap-ins are the latest version.
If a script is added to a
Specops Command policy, and a cmdlet or provider called in that script is from a PowerShell Snap-in, then the snap-in will appear in the list. The local version of the snap-in will be compared against the version contained in the GPO. This will assist
in keeping versions of the snap-in up to date.
Licensing
You can update your license from the Group Policy Editor snap-in.
- Open the Group Policy Management Console.
- Right-click on the GPO node, and select Edit.
-
In the Group Policy Management Editor, expand
Computer Configuration, Policies, Systems Management, and select
Specops Command.
- From the Command menu, click Licensing.
- Click Import license file…
-
Browse to the location of the TXT file, and click
Open.
- Click OK.