Use Task Scheduler to reboot a PC every day at specific time

This task is very useful when you have a computer that does a job unattended, like running a machine in a warehouse. Windows needs to be rebooted from time to time, in order to free up memory, clean temporary files, run updates or whatever reason you may find.

Luckily, the tool to do a scheduled reboot is already available. Here’s how to use such a tool in Windows 10.

Press the WIN key, and start typing Task Scheduler until the program is displayed in the options:

Start it, and take a look at the main window:

Select Create Basic Task, on the right panel. You will be prompted to give it a name:

Then, select when the task is scheduled to run, and at what time of the day:

The next step is to specify what program will run when the task is executed:

Type shutdown, and add the /r argument in the second field. R stands for reboot.

Note: If, for whatever reason, a user is working on that computer, we need to inform him and add a delay, so he can cancel the reboot, if he wants to. We add /t and the time in seconds to delay the reboot. For example, if we want to reboot after 30 minutes, the arguments will be: /r /t 1800. In that case, the user will receive a warning and he will have half an hour to cancel the reboot. He can do that by running shutdown /a at the command prompt, or execute a batch file that contains this command. Argument /a stands for Abort. See the Addendum at the end of this post on how to create a batch file.

Select Finish to complete the task, and we’re done.

Addendum:

To create a batch file that will cancel the reboot, open Notepad, type the words shutdown /a in it, save it with the extension .bat instead of txt and place it somewhere easy to find. When the Scheduled Task triggers the reboot, the user will have 30 minutes to execute that batch file and cancel it.

Set a desktop wallpaper using Group Policy

So, we are in an Windows Active Directory environment and we want to deploy the same wallpaper for all the users in the domain.

First, we need the create a share, readable by all the users, and put the wallpaper image inside that share. The share can be on the DC itself or on another domain-joined server.

Next step, we go to the DC, open Group Policy Management, select the domain and create a new GPO:

We give a name to the GPO and save it. Next, we right click on the newly created GPO and select Edit:

In the editor, we navigate to User Configuration – Policies – Administrative Templates – Desktop – Desktop:


On the list of policies, we open the one called Desktop Wallpaper and do two things:

  1. indicate the path and the name of the image
  2. enable the policy

Click OK and we’re done.
Note that it will take a log off / log on cycle on the client pc to see the policy in action.
The policy can be further customized according to some specific needs, but the basics are here.

Have fun!

How to set up a VPN client in Windows 10

In this short post, we will connect to the VPN server we configured in my other post from a remote computer running Windows 10.

First, we go to Network and Sharing Center, by right-clicking on the Network icon on the desktop and selecting Properties. Next, we select Set up a new connection or network:

Select Connect to a workplace:

Enter your public IP address (or the host name, if you have a dynamic IP and are using a service like NoIP)

Once the VPN connection has been created, we need to change one setting, so we go back to Network Connections and access the properties. Select Use Extensible Authentication Protocol, and click OK.

Double click on the VPN connection, enter your credentials and you’re done.

Now, remember: this connection will only work if you followed my tutorial about setting up VPN in Windows Server 2012 R2, and used the exact same settings. If you set up the VPN server with different security settings, then you will have to set the client accordingly.

Adding VPN role in Windows Server 2012 R2

In this post, we will enable and configure VPN role in Windows Server 2012 R2.

It is a good practice to do that in an Active Directory domain, preferably on a dedicated machine that is a member server, but not a domain controller.

First step is to add the role in Server Manager:



Enable the Remote Access role:

Leave the Features as they are and click Next:

Follow the wizard using the default settings.
Once finished, go back to Server Manager – Tools – Routing and Remote Access. Right click on the name of the server, and select Configure and Enable Routing and Remote Access:

Select Custom configuration and enable the VPN Access service:

Follow the wizard until the end. Then, click on the server name and select Properties:

Navigate to Security tab, and click on Authentication Methods:

Make sure to select the EAP Protocol and MS-CHAP version 2:

Next, we need to enable the PPTP Passthrough (also known as GRE) in the router, and also forward the 1723 TCP port to the IP address of the VPN server.

Last thing to do is allow the two protocols thru the server’s firewall:

Every user that is allowed to connect to that VPN needs to have the Dial-In feature in Active Directory set to Allow access:

This is the most simple setup for a Windows VPN. You can play further with settings to increase security, but the basics are here. Have fun !

Check out my other post about setting up a VPN client in Windows 10.

Error message on MSI workstation: We can’t find your camera

So, I had to troubleshoot an error message on a mobile workstation from MSI. The camera wasn’t detected. Not just a missing driver or a yellow exclamation mark in Device Manager, but nothing. Nada. Here is the error message:

I was sure the camera was simply dead. But, after troubleshooting the issue for a couple of hours, i felt like dumb when I discovered that the camera can be enabled/disabled by pressing Fn+F6. Pressed the combination and, voila!

Apparently, MSI has a hardware switch, and Windows 10 doesn’t know if the camera is there, but it’s disabled, like you disable an Ethernet adapter and still see it grayed out.

Create a shortcut with Group Policy

In this post, we will create a shortcut to an internet address and place it on the desktop for all the users in a Windows  domain.

First, connect to the Domain Controller, and open Group Policy Management. Right click on the domain name, and select Create a GPO in this domain and link it here.

Give it a name and click OK. Then, right click on the newly created GPO and select Edit.

Navigate to User Configuration – Preferences – Windows Settings – Shortcuts and select New Shortcut.

Then, populate the fields to match your requirements: the name of the shortcut, the target type (URL), the location where it will appear on user’s computers, and, if you have a customized icon, the file path for it.

Also, in the Common tab, make sure to select Run in logged-in user’s context.

Click OK, close GPO Management and restart your computer, NOT the domain controller.

Map a shared folder with Group Policy

In this post, we will see how we can map a shared folder for all the users in an Active Directory domain, using Group Policy Objects.

First, we need to have a domain controller and a computer join to the domain.

Next, we create the shared folder, that must be on the DC itself or on another server joined to the domain. A standard way to allocate the sharing permissions is to give domain users Read/Write rights and domain admins Full rights. Both tabs, Permissions and Share, should have the same two entries.

Next, connect to the Domain Controller, and open Group Policy Management. Right click on the domain name, and select Create a GPO in this domain and link it here.

Give it a name and click OK. Then, right click on the newly created GPO and select Edit.

Navigate to User Configuration – Preferences – Windows Settings – Drive Maps

Select New – Mapped Drive and click OK.

Type the location of the shared folder, chose a letter for the drive and select Show this drive, on the left side.

After that, go to the Common tab, and select Run in logged-on user’s context.

Click OK, close, and restart the computer, NOT the domain controller.