Last updated on July 15th, 2022 at 10:28 am
Following up on ConfigMgr Client Health – Anders Rødland Startup Script post, to a new Microsoft Endpoint Manager Configuration Manager (MEMCM / MECM) formerly System Center Configuration Manager (SCCM / CM) lab. To many people this will seem like an obvious step but for many admins, unless they play day to day with Active Direction (AD) a little guidance is needed. This blog will be a bit of a step by step on How to Create a Computer Start Up GPO.
What is Group Policy Object (GPO)?
But first what is a Group Policy Object (GPO)? A GPO allow you to group several settings together which will get applied to a computer or user. Think of enabling firewall settings or logon scripts.
Creating a Computer Start Up GPO
Start by locating the Group Policy Management (GPM) application. Also sometime called Group Policy Management Console (GPMC).
Within GPM window, expand your Forest and Domains nodes and locate your Organization Unit (OU) that you want the Computer Start Up GPO to apply to, in my case MEMOP OU. Then right click and select Create a GPO in this domain, and Link it here… item.
Enter a Name of the GPO, in my case ConfigMgr Client Health, then click OK. This will create a blank GPO.
Once the GPO is created right click it and select Edit.
Within the Group Policy Management Editor (GPME) window, Expand Computer Configuration | Policies | Windows Settings | Script (Startup/Shutdown) node, then double click Startup in the right window pane.
Click the Add button.
In the Script Name text box, enter PowerShell.exe
Within in the Script Parameters text box enter the same command you use to test before. In my case
-ExecutionPolicy Bypass -Noninteractive -File “\\memwsus\cmhealth\ConfigMgrClientHealth.ps1” -Config “\\memwsus\cmhealth\Config.xml” -Webservice “http://memwsus.op.memreports.com/ConfigMgrClientHealth”
Then click OK to close the Add a Script windows.
Click OK again to close the Startup Properties window. Keep GPOE open.
Setting up Configure Logon Script Delay
Browse to Computer Configuration | Policy | Administrative Templates |System | Group Policy and double click Configure Logon Script Delay policy.
Select Enabled and specify a delay in minutes before starting the logon scripts the default is 5 minutes but I will use 2 minutes. Click OK to complete this task. Close GPME and GPM. With that last step done you are done, once the GPO have been apply (~ 60 minutes later) and as they reboot, they will start to run the computer start up GPO script, which in this case ensure the health of you MECM environment.
How to confirm that the Startup Script have executed?
The easiest way to confirm that the script has run is to look at eh log files stored on each computer in the C:\ClientHealth folder. You can open it with notepad and see the results.
I hope you found it useful on how to Create a Computer Start up GPO. If you have any questions, please feel free to touch base @Garthmj. Sh… don’t tell anyone but lookin for SSRS and maybe Power BI reports for Anders Health script . Watch for it. In the mean time if you have suggested for edit to those reports, Please feel free to contact me.