To run a PowerShell script on multiple computers via Group Policy, you can work with an Immediate Scheduled Task. The main advantage over logon scripts is that you can execute your script with admin rights.
Group Policy allows you to add and remove users to an Active Directory (AD) group. Using this feature improves security because you can ensure that high-risk security groups only contain the users that you specify via Group Policy.
Recently I gave a presentation at MORENet’s 2015 Annual Conference about “Securing Windows with Group Policy”. This presentation was part of their “Advanced” technology track, and really focused on looking at the current permission levels of your users and deciding if they really need those rights/permissions.
I hope some people find these slides useful or at least a good reference point. If you have any questions about these slides then please do not hesitate to contact me by leaving a comment below.
Slides can be downloaded here: Securing Windows with Group Policy
NOTE: MORENet’s conference is focused on technology and educational initiatives affecting K-12 & Higher Education within the State of Missouri.