Proper way to rollout GPO that requires restart of current and future machines?

active-directory group-policy

Let's say I have a policy that sets specific encryption settings for our servers. We don't want SSL 3.0, insecure, ciphers, etc for example. After this change machines must be restarted for the changes to take affect.

  1. existing machines should be restarted at specific time off hours
  2. future machines will need to be restarted after policy is applied

What is the ideal approach for handling this situation where there is a set time that needs to be scheduled now, but also a restart that needs to occur for future machines (edit: and administrator won't know that is the case for the new machine)?


Solution 1:

GPOs don't reboot a system, so you need something else e.g. based on shutdown -r.

Future machines don't need that as they pull GPOs as soon as they've joined the domain (and were possibly moved to the appropriate OU). Usually, that's part of plattform installation where a machine is restarted a few times anyway.

Related

Script to refresh SDProp immediately?
Interface following a link
PowerShell: Why am I getting this error?
Using Putty/plink to connect to remote MySQL from Windows machine using Port Forwarding and multi hop SSH tunnel
Replaced all mdadm RAID1 drives with new, larger drives. Now can not boot from the RAID1
Is there a way to show a 15+ character computer name in AD tools?
How to reset Keytab for FreeIPA Server and Client
Accessing EC2 metadata service from CodeBuild instance
Of all polygons inscribed in a given circle which one has the maximum sum of squares of side lengths?
Algebraic structure cheat sheet anyone?
Subsets of the Cantor set
Multivariable Calculus books similar to "Advanced Calculus of Several Variables" by C.H. Edwards