Automatic Restarts Make for a Smooth Day
How many times has a reboot cleared out a quirky issue? How many times have you had to ask, “have you restarted yet?” By using Group Policy Preferences Scheduled Tasks, you can ensure that every computer automatically reboots once a day.
This simple task allows software to install and updates to apply before your users arrive for the day. Got five minutes to set this up? Great! Let’s configure a daily restart task.
Decide where to store the scheduled task. You could launch the GPMC and create a new GPO named Daily Restart. Or put the task in a related GPO (such as one that configures Power Options). Next, navigate to Computer Configuration/Preferences/Control Panel Settings/Scheduled Tasks.
Right click on Scheduled Tasks and select New – Scheduled Task (at least Windows 7). Name your task and provide a description. Change the task’s account to NT Authority\System and select the Run whether user is logged on or not option.
Select the Triggers tab and create a new trigger. Set the task to begin on a schedule and select the Daily option. In our environment, the restart occurs before our first employees arrive.
You will want to set your task to begin early enough that you restart the maximum number of computers. Later, we will configure the task to not run if the machine is in use.
With your trigger is configured, select the Actions tab and create a new action. Leave the action type at Start a Program. For the program, enter:
shutdown.exe -r -f -t 0
This will forcefully restart a machine with a zero second delay. Make sure that your command includes a zero instead of the letter o. If your machines automatically start up in the morning, you could make your command shutdown.exe -s -f .
One last fun fact before we get back on topic. Shutdown.exe -i makes remotely shutting down groups of machines easy. You can even prompt a message up on a user’s screen. Now back to your regularly scheduled article.
In your Daily Restart task preference, select the Conditions tab. If needed, configure the task to start only if the machine is idle for X amount of time. Under Power, check all three options. This will ensure that remote laptops don’t scare their owners by restarting at 5 AM.
Allowing the task to Wake the computer to run might seem counter intuitive. If the machine is off, why would we want to wake it up just to restart it? Certain Group Policy settings only process on a true startup. The biggest example is Group Policy Software Installation.
If the machine hibernated the previous day, it would not install your applications until the next full reboot. Setting the task to wake the machine ensures a full restart every day!
The final bit of configuration that you might want to do is to limit the deployment of this task. For example, you might have certain machines that should never restart automatically. To do this, select the common tab and configure a new Item Level Target. My preferred method is limit deployment to all machines not in a specified security group.
Setting your computers to automatically restart is one more way to make your day smoother! What other tricks do you use to make life a bit simpler?
I appreciate, cause I found just what I was looking for. You have ended my four day long hunt! God Bless you man. Have a great day. Bye
Hey Joe, I was not able to get this to work under Computer Configuration however it seems to work fine if set up under User Configuration. Any idea why? Thanks!
No idea – did you see any errors under the event log when it was created under computer? What account did you use?
So I tried this and pushed the policy to a test machine. The “do not store password” is not checked on the computer. Also the account shows up just as “SYSTEM”. Is the password still being cached in memory?
I was able to get this manually working by using C:\Windows\System32\shutdown.exe and then in the arguments section adding -r -f -t 0. I couldn’t get it to work using just shutdown.-r -f -t 0 on a single line. Strangely manual tests would work when changing shutdown to ‘shutdown.exe -r -f -t 0’ or vise versa.
The task still shows unchecked on “do not store password” at the client and the account still shows up as just “SYSTEM”.
I’m waiting to see if the actual policy works as scheduled, now that my tests have proved successful.
Did your test work?
Yes my task is working great now.
How have you addressed this since the update of MS14-025: Vulnerability in Group Policy Preferences could allow elevation of privilege: May 13, 2014
I use the local system account for this so I do not need to transmit a password with Group Policy Preferences.
Thank you Joseph,
your blog is fantastic!! One thing regarding this particular feature: what happens if the user has open documents, when the time of the restarting arrives?
Thank you Pablo! Office saves documents automatically so that isn’t much of a worry – if you wanted to get really fancy, you could make the machines restart only if no user is logged on.
How do you make machines restart only if there is no user logged on?
I actually don’t really care if they are logged in or not – I use the inactivity setting in the scheduled task to ensure that the user isn’t actually using the machine before it restarts though.
Thanks for this awesome GPO! This should help me a lot in my small environment, so certain updates get installed. I will find out tomorrow if I set it up correctly, though. If I run into any issues (Hope I don’t!) I will post again.
If I don’t, then everything worked and I love your site!!!! 😀
So glad it helped you! Let me know how your deployment goes.