Automated shutdown of devices
In a drive to reduce power usage, I've tried a few times over the years at a way to shutdown computers but not if they are in use. I've tried using scheduled tasks set to only run when idle - in reality this doesn't really work as we tend to have quite a lot of mice that move ever so slightly on their own, so the PCs never think they are idle. Even wrote a client/server application where the client reports when someone logs on, logs off, or switches user and when prompted to shutdown by the server, the client asks the logged on user if they want to go a head or cancel. This worked fine for a while but when we updated to Windows 10 it stopped working and needed a lot of time spent on working out what had changed. So I moved away from that method.
My current method is two scheduled tasks. It'd be easy to just do a scheduled task that shuts down the computer, but what if somebody is working on it? Equally we could do a script which only shuts down if there are no active sessions, running if the computer has been idle for 10 minutes - but does a locked (but not switch user) screen count as active? (Yes it does) What if the mouse moves itself? With just this method a lot of PCs were never shutting down.
My first scheduled task runs at 6pm, and runs the following powershell script (which is copied to the local machine by a Group Policy Preferences File item)
If (!(quser | Select-String "Active")) {
shutdown /s /t 30 /f
}
quser will list the current sessions on a computer, they'll have the state "Active" or "Disc" (disconnected). We want to just see those who are active, and if there aren't any then shutdown the computer.
Create a Scheduled Task GPP item, running as System, to run at e.g. 6pm daily. Set the action to "powershell", with the arguments "-File c:\\shutdownscript.ps1" (or wherever your GPP File item puts the script). If you want to wait for the device to be idle, you can do so on the Conditions tab. I tend to do this, to account for somebody locking their machine and then going to the printer, for a coffee or something, before returning to their work.
Finally, I have a security group in Active Directory called "NoShutdown" containing computers which I don't want to shut down - such as mine, and a few others who either regularly work late, or have remote desktop set up to access their specific machine from home. I use item-level targeting to apply this scheduled task to all computers which are not in this group.
This should be shutting down the majority of computers, but you'll find quite a few just don't shut down, whether they think they have active users or the mice move slightly keeping them from being idle. We have user switching enabled, so most PCs usually end up with 4 or 5 people logged on at the end of the day (students and teachers alike are awful at logging off and just press switch user instead).
Our site closes at 10pm so I have a second scheduled task running then, which simply runs shutdown.exe with arguments "/s /f /t 30". This shuts down the machine even if somebody is logged on. Again I use item-level targeting to keep a few select PCs running.
Finally you will need to add another two scheduled task GPP items - one for "Forced Shutdown" and one "Automatic Shutdown" (or whatever you called your first two GPP items - needs to be exactly the same name), set the action to Delete and use item level targeting for all computers in your exclusions group. This step is required because, if you move a computer into the exclusion group, the preference item doesn't get removed automatically.
Now if I remote in late at night or over the weekend I'll see only servers and a handful of devices showing as on and connected in the MEMCM console, versus perhaps 50+ previously. Success!