Microsoft System Center
A suite of Microsoft systems management products that offer solutions for managing datacenter resources, private clouds, and client devices.
893 questions
How to deploy Task Scheduler task on Group Policy of a single domain User logged on multiple domain Computers
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(284.8, 78%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDC%3C/text%3E%3C/svg%3E)
Dalton Clark
0
Reputation points
I'm working as IT in a manufacturing plant where there are multiple windows 10 computer terminals around the plant. They are all logged in as the same user "shopfloor" which is useful for our group policy that is already set up to set restrictive policies (such as not allowing access to control panel, file explorer, etc).
The security filtering for this policy is set only to the shopfloor user (not authenticated users) and I saw somewhere to add domain computers to the delegation list with read only permissions since authenticated users usually includes computers and users. Within the Policy itself, we have many policies set under 'User Configuration' which all work as intended, but the problem seems to be when trying other things under 'Preferences'.
The problem I'm tackling right now is trying to set a Scheduled Task on all the terminals shopfloor is logged into. I would like it to only effect the computers when they're logged into the shopfloor user, and maybe that's a non-issue since the Policy should only be effecting the shopfloor user to begin with. It seems, though, that whether I'm setting the scheduled task under 'User Configuration > Preferences > Control Panel Settings > Scheduled Tasks' or 'Computer Configuration > Preferences > Control Panel Settings > Scheduled Tasks' the result is the same. There is no task being deployed, and as far as I can tell, doesn't effect the computer at all. (We tried deploying a proxy to the shopfloor terminals earlier in the year and got a very similar result)
I've checked Task Scheduler in Control Panel, and checked under C:\Windows\Tasks on the shopfloor terminals and there is no sign of any task being deployed to them.
The task itself is setup as such, although I don't necessarily think this is the problem:
- General:
- Action: Create
- When running the task, use the following user account: NT Authority\System (selected from browsing, not just typing it in)
- Run whether user is logged on or not
- Run with highest privileges
- Configure for: Windows Vista or Windows Server 2008
- Triggers: (set this way for testing purposes)
- Begin the task: At log on
- Any user
- Enabled
- Begin the task: At log on
- Actions:
- Action: Start a program
- Program/script: C:...\Epicor MES.bat (Don't know if it needs quotes around it since there is a space)
- Action: Start a program
- All other settings/tabs have been left untouched
This is what GPresult /v says after gpupdate /force (MES-RESTRICT is the policy I'm working on):
Applied Group Policy Objects
-----------------------------
Systems GPO
Windows XP Security Policy
Default Domain Policy
The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
MES-RESTRICT
Filtering: Denied (Security)
Local Group Policy
Filtering: Not Applied (Empty)
The user is a part of the following security groups
---------------------------------------------------
Domain Users
Everyone
BUILTIN\Administrators
BUILTIN\Users
BUILTIN\Pre-Windows 2000 Compatible Access
REMOTE INTERACTIVE LOGON
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
This Organization
LOCAL
Key Admins
Domain Admins
Group Policy Creator Owners
Enterprise Admins
Schema Admins
Authentication authority asserted identity
DnsAdmins
Denied RODC Password Replication Group
DHCP Administrators
High Mandatory Level
The user has the following security privileges
----------------------------------------------
Resultant Set Of Policies for User
-----------------------------------
Software Installations
----------------------
N/A
Logon Scripts
-------------
N/A
Logoff Scripts
--------------
N/A
Public Key Policies
-------------------
N/A
Administrative Templates
------------------------
GPO: Windows XP Security Policy
Folder Id: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMMyPictures
Value: 1, 0, 0, 0
State: Enabled
GPO: Default Domain Policy
Folder Id: Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaveActive
Value: 49, 0, 0, 0
State: Enabled
GPO: Systems GPO
Folder Id: Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall\NoRemovePage
State: disabled
GPO: Windows XP Security Policy
Folder Id: Software\Policies\Microsoft\Windows\NetCache\DisableFRAdminPin
Value: 1, 0, 0, 0
State: Enabled
GPO: Systems GPO
Folder Id: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl
State: disabled
GPO: Systems GPO
Folder Id: Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage
State: disabled
GPO: Systems GPO
Folder Id: Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage
State: disabled
GPO: Windows XP Security Policy
Folder Id: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMyMusic
Value: 1, 0, 0, 0
State: Enabled
GPO: Systems GPO
Folder Id: Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper
State: disabled
GPO: Systems GPO
Folder Id: Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall\NoAddPage
State: disabled
GPO: Windows XP Security Policy
Folder Id: Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaveTimeOut
Value: 49, 0, 56, 0, 48, 0, 48, 0, 0, 0
State: Enabled
GPO: Systems GPO
Folder Id: Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispAppearancePage
State: disabled
GPO: Systems GPO
Folder Id: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictCpl
State: disabled
GPO: Systems GPO
Folder Id: Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall\NoSupportInfo
State: disabled
GPO: Systems GPO
Folder Id: Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall\NoAddRemovePrograms
State: disabled
GPO: Systems GPO
Folder Id: Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispSettingsPage
State: disabled
GPO: Systems GPO
Folder Id: Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall\DefaultCategory
State: disabled
GPO: Systems GPO
Folder Id: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
State: disabled
GPO: Systems GPO
Folder Id: Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall\NoAddFromInternet
State: disabled
GPO: Windows XP Security Policy
Folder Id: Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaverIsSecure
Value: 49, 0, 0, 0
State: Enabled
GPO: Systems GPO
Folder Id: Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall\NoAddFromCDorFloppy
State: disabled
GPO: Systems GPO
Folder Id: Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL
State: disabled
GPO: Systems GPO
Folder Id: Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall\NoWindowsSetupPage
State: disabled
GPO: Systems GPO
Folder Id: Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall\NoAddFromNetwork
State: disabled
GPO: Systems GPO
Folder Id: Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall\NoServices
State: disabled
Folder Redirection
------------------
N/A
Internet Explorer Browser User Interface
----------------------------------------
N/A
Internet Explorer Connection
----------------------------
N/A
Internet Explorer URLs
----------------------
N/A
Internet Explorer Security
--------------------------
N/A
Internet Explorer Programs
--------------------------
N/A
```I'm very new to working on this stuff and only have the knowledge of googling, and what we've had set up previously before I started working on this. Please tell me if I'm missing something obvious or if what I'm trying to accomplish is less than practical.
Thanks very much in advance.