Automating Administration Tasks on Windows

windows scripting automation powershell autoit

What tools do you use and recommend for automating administration tasks for Windows-based computers?

Examples of such tasks include:

  • Installing/upgrading software
  • Standarizing application settings
  • Remove blacklisted applications

A standardized disk image will be used to initially roll out a fully patched and configured Windows installation, so I'm looking specifically for tools and resources that will aid in administering the machines after they are deployed.

I know that some of this can be allowed or prevented using group policies deployed via Active Directory, and that many Microsoft products can be updated and managed through Windows Server Update Services (WSUS).

What do you use for other tasks? AutoIT scripting? PowerShell? Another scripting language? A 3rd party application? Or, is there a better approach to this ongoing task?


We use Group Policy for almost everything these days, and we use a single Windows disk image that we deploy to all of our computers. We also have System Center Configuration Manager installed (the newest version of SMS).

Our image contains all of the commonly-used apps in our facility, but we use Group Policy to expose only the apps that the particular user or group of users need to see. This keeps the Start menu and desktop tidy.

SCCM allows one to install and patch software. This can also be done through Group Policy.

For automation tasks, we use PowerShell heavily. It's well worth the effort you'll put into learning it.

We don't allow users to install apps, so we don't need to remove blacklisted applications much, but if we did it could be done through SCCM as well.

This is a pretty general question. Is there anything in particular you need to know more about?


Regarding your comment on a standardised disk image for initial deployment of the OS have you looked at using the Microsoft Deployment Toolkit for building and deploying your images?

We have been using this for about two years now and it has really cut down the number of images we have had to maintain especially around the driver management. We are using it for not only desktop builds but also server builds. It also has great links with SCCM OS Deployment.


We use Windows Systems Management Server for a lot of what you describe. Also another application called Softricity SoftGrid does some things you might be interested in.


We use Active Directory and GPOs for as much as possible due to the ease of deployment and management. It's good to note that there are lots of helpful tools and .adm templates out there that let you extend management through GPOs to more than just stock windows settings.

We also use WSUS, which is pretty hard to beat for patch management. For other tasks, we automate with scripts written in python (it's easy to write quickly in and comes with batteries included) as well as good old fashioned batch scripts. Backup is a good example; one script runs jobs in ntbackup, osql database dumps, and exmerge brick-level mailbox backups, encrypts it all, puts it where it needs to be, and emails the logs when it's finished.

Related

Best Linux network tuning tips? [closed]
Is there a Windows 7 compatible IPSec VPN client that allows protocol and port specific rules?
MySQL connection spike out of nowhere
Good graphical HTTP trace program for OSX?
Free software to monitor serial port communication [closed]
How can I get Firefox to display MIME types in-browser?
Sharepoint 2007: Active Directory and Sharepoint Groups
How can I reset the statistics reported by ifconfig?
Naming Convention for Virtual Machines
Puppet Module Resources
How to bestly setup a ssh tunnel for access to a remote network (Linux)
Nagios 3 config ideas