GPO: Run a PowerShell script when the computer starts
Romain
In this tutorial, I will show you how to run a PowerShell script when your computer starts.
For this example, I created a “simple” PowerShell script that will create an entry in the Windows Event Log.
Here is the script:
Before you begin, copy your script file to the domain controller you will use to create the Group Policy.
Open the Group Policy Management console, right-click the Group Policy Objects folder and click New.
Name the group policy and click OK to create it.
Now we will configure the GPO: right-click it and click Edit.
Go to the following location: Computer Configuration / Policies / Windows Settings / Scripts (Startup/Shutdown).
Double-click Startup to open Properties.
Go to the PowerShell Scripts tab, then click the Show Files button.
In the new File Explorer window that opens, paste the script file, then close the window.
This way the PowerShell script file is placed directly into the Group Policy folder that has the correct NTFS rights.
Back in the startup script properties, click the Add button.
Click Browse.
Select the PowerShell script file that will run when the computer starts and click Open.
The script is selected; click OK to add it.
The script is added to the properties; click Apply, then OK.
If in the same group policy you have several PowerShell scripts, it is possible to choose the execution order using the Move Up/Move Down buttons. Similarly, if you have different script types (VBS/Batch) in the same group policy, it is possible to choose which script type runs first.
For my part, I prefer to use several group policies.
The group policy is ready.
Now we need to link the group policy so that it is applied: at the desired location in the Active Directory tree, right-click and click Link an existing group policy object.
Select the GPO and click OK.
The group policy is linked; now we will test our PowerShell script.
To do this, I will start my VM lab-cl-w10-2.
After it started, I logged into the computer and checked the event viewer to see if any entry was added by the PowerShell script.
The script was executed successfully.
As a reminder, the startup script is executed before logon, so you cannot act on user settings such as the registry, network drives or printers.
This type of script is mainly used to do software installations, folder cleaning…
I’m not going to do a tutorial on this subject, but it is also possible to run a PowerShell script when shutting down the computer to empty temporary files for example.
Startup scripts run with SYSTEM rights, which allow them to do everything you could do if you were logged in with an Administrator account.
To prevent tampering with your scripts for malicious purposes, I encourage you to sign PowerShell scripts.
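One way to check both protections mentioned in this tutorial, the NTFS rights on the Group Policy folder and the script signature, is an audit like the following. It is an added example, not part of the original tutorial: `$ScriptRoot` is a placeholder for the folder opened by Show Files, and the `$TrustedWriters` defaults are assumptions to adjust to your domain.

```powershell
# Added example: audit GPO startup scripts for signature status and unexpected write access.
param(
    [Parameter(Mandatory)]
    [string]$ScriptRoot,   # placeholder: the folder opened by "Show Files"

    # Wildcard patterns for principals allowed to modify the scripts (assumed defaults).
    [string[]]$TrustedWriters = @(
        'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'CREATOR OWNER',
        '*\Domain Admins', '*\Enterprise Admins'
    )
)

# Rights that let a principal change a script's content, delete it, or change its ACL.
# ACEs expressed only as generic rights (GENERIC_ALL, GENERIC_WRITE) are not decoded here.
$Rights    = [System.Security.AccessControl.FileSystemRights]
$writeMask = $Rights::WriteData -bor $Rights::AppendData -bor $Rights::Delete -bor
             $Rights::ChangePermissions -bor $Rights::TakeOwnership

Get-ChildItem -Path $ScriptRoot -Filter *.ps1 -File -Recurse | ForEach-Object {
    $file = $_
    $sig  = Get-AuthenticodeSignature -FilePath $file.FullName

    # Allow ACEs granting write-type rights to a principal outside the trusted list.
    $unexpected = (Get-Acl -Path $file.FullName).Access | Where-Object {
        $ace = $_
        $ace.AccessControlType -eq 'Allow' -and
        ([int]($ace.FileSystemRights -band $writeMask) -ne 0) -and
        -not ($TrustedWriters | Where-Object { $ace.IdentityReference.Value -like $_ })
    }
    $writers = @($unexpected | ForEach-Object { $_.IdentityReference.Value }) |
        Sort-Object -Unique

    [pscustomobject]@{
        Script            = $file.FullName
        SignatureStatus   = $sig.Status                     # Valid, NotSigned, HashMismatch, ...
        Signer            = $sig.SignerCertificate.Subject  # empty when the script is unsigned
        UnexpectedWriters = $writers -join '; '
        # Flag anything unsigned, altered after signing, or writable by an unlisted principal.
        NeedsReview       = ($sig.Status -ne 'Valid') -or ($writers.Count -gt 0)
    }
}
```

A `HashMismatch` status means the file changed after it was signed, which is the tampering case that signing is meant to expose.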
Now you know how to run a PowerShell script on computer startup by GPO.