I am provisioning Windows 2022 EC2 instances using Terraform and a PowerShell User Data script. I want to add functionality where this User Data script will configure a shutdown PowerShell script that will copy some files to an S3 bucket upon shutdown. Therefore, this needs to be done without using the Windows GUI. This is the code I am currently using:
```powershell
# -------------------------------------------------------------------------
# Create a PowerShell script for shutdown
# -------------------------------------------------------------------------
$shutdownScriptPath = "C:\Scripts\BackupOnShutdown.ps1"

# Ensure the Scripts folder exists
New-Item -ItemType Directory -Path "C:\Scripts" -Force

# Create the shutdown script
# (`$_ is escaped so it is written literally into the generated script
# instead of being expanded while this here-string is evaluated)
@"
# Backup Gateway Backups folder to S3
try {
    aws s3 sync "C:\Users\Administrator\Desktop\Gateway Backups" "s3://${backup_bucket}/gateway-backups/" --exact-timestamps
    aws s3 cp "C:\Users\Administrator\Desktop\ReadME.txt" "s3://${backup_bucket}/"
    Write-Output "Backup completed successfully."
} catch {
    Write-Output "Backup failed: `$_"
}
"@ | Out-File -FilePath $shutdownScriptPath -Encoding UTF8 -Force

# --------------------------------------------------------------
# Copy script into the Group Policy Shutdown folder
# --------------------------------------------------------------
$gpShutdownFolder = "C:\Windows\System32\GroupPolicy\Machine\Scripts\Shutdown"
New-Item -ItemType Directory -Force -Path $gpShutdownFolder | Out-Null
Copy-Item -Path $shutdownScriptPath -Destination $gpShutdownFolder -Force

# --------------------------------------------------------------
# Configure Local Group Policy shutdown script via Registry
# --------------------------------------------------------------
# Config key
$configKey = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Shutdown\0\0"
New-Item -Path $configKey -Force | Out-Null

# Set required registry values — these match what gpedit.msc writes
Set-ItemProperty -Path $configKey -Name "Script" -Value "BackupOnShutdown.ps1"
Set-ItemProperty -Path $configKey -Name "Parameters" -Value ""
Set-ItemProperty -Path $configKey -Name "IsPowershell" -Type DWord -Value 1
Set-ItemProperty -Path $configKey -Name "ExecTime" -Type DWord -Value 0

# State key
$stateKey = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Shutdown\0\0"
New-Item -Path $stateKey -Force | Out-Null

# Set required registry values — these match what gpedit.msc writes
Set-ItemProperty -Path $stateKey -Name "Script" -Value "BackupOnShutdown.ps1"
Set-ItemProperty -Path $stateKey -Name "Parameters" -Value ""
Set-ItemProperty -Path $stateKey -Name "isPowerShell" -Value 1
# Was -Path $baseKey, a variable that is never defined in this script
Set-ItemProperty -Path $stateKey -Name "ExecTime" -Type DWord -Value 0

# --------------------------------------------------------------
# Force Group Policy to refresh so the Shutdown script becomes active NOW
# --------------------------------------------------------------
gpupdate /target:computer /force
```

However, once the Windows EC2 instance is provisioned and I open the Group Policy editor (gpedit.msc) and navigate to Computer Configuration → Windows Settings → Scripts (Startup/Shutdown) → Shutdown, I do not see BackupOnShutdown.ps1 in the PowerShell tab. If I attempt to Add a PowerShell script from the GUI, I do see my BackupOnShutdown script that I configured in my User Data script when I click on the Browse button in the Add a Script dialog. Therefore, it seems I am close, but missing something that will make the script appear in the Group Policy editor.
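
A read-only check for the symptom described above, added here as an example and not part of the original post: the Scripts extension in gpedit.msc lists entries from the hidden `psscripts.ini` (PowerShell tab) and `scripts.ini` (Scripts tab) files under `GroupPolicy\Machine\Scripts`, so this compares those files with the registry key the User Data script writes. The function name `Get-IniShutdownScripts` is an assumption made for this example.

```powershell
# Added example: compare the shutdown scripts recorded in the local GPO ini
# files (what gpedit.msc displays) with those recorded in the registry.
# Read-only; run from an elevated PowerShell session on the instance.
$scriptsDir = Join-Path $env:SystemRoot 'System32\GroupPolicy\Machine\Scripts'
$regRoot    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Shutdown'

function Get-IniShutdownScripts {
    # Hypothetical helper: returns the <n>CmdLine values of the [Shutdown] section.
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return }
    $inShutdown = $false
    foreach ($line in Get-Content -LiteralPath $Path -Force) {
        $line = $line.Trim()
        if ($line -match '^\[(.+)\]$') {
            $inShutdown = ($Matches[1] -eq 'Shutdown')
        } elseif ($inShutdown -and $line -match '^\d+CmdLine=(.+)$') {
            $Matches[1]
        }
    }
}

# Entries the editor would show (PowerShell tab, then Scripts tab)
$fromIni = @(
    Get-IniShutdownScripts (Join-Path $scriptsDir 'psscripts.ini')
    Get-IniShutdownScripts (Join-Path $scriptsDir 'scripts.ini')
)

# Entries present under the registry key populated by the User Data script
$fromRegistry = @(
    if (Test-Path -Path $regRoot) {
        Get-ChildItem -Path $regRoot -Recurse |
            ForEach-Object { (Get-ItemProperty -Path $_.PSPath).Script } |
            Where-Object { $_ }
    }
)

# Compare by file name, since either side may hold a relative or a full path
$iniNames = @($fromIni      | ForEach-Object { Split-Path $_ -Leaf })
$regNames = @($fromRegistry | ForEach-Object { Split-Path $_ -Leaf })

@($iniNames + $regNames) | Sort-Object -Unique | ForEach-Object {
    [pscustomobject]@{
        Script     = $_
        InIniFiles = $_ -in $iniNames
        InRegistry = $_ -in $regNames
    }
} | Format-Table -AutoSize
```

A row with `InRegistry` true and `InIniFiles` false matches the situation in the question: the registry entry exists, but the editor has nothing to list.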