Cela peut be done by le means of WMI filtering. The group policy client would execute le WQL query depuis an attached WMI filter et seulement apply le GPO si le query would return a non-zero number of rows. So by creating a WMI filter checking si le current system time is within a given time interval et linking this WMI filter to le GPO you want to timebomb you get exactly what you wanted.
The win32_operatingsystem WMI class has a localdatetime attribute qui can be compared to a given string date in le format 'yyyymmdd hh:nn:ss' so using le WQL string like
select * from win32_operatingsystem where localdatetime >= '20150220 00:00:00' and localdatetime <= '20150223 15:00:00'
in le root\CIMv2 namespace would assurez-vous que le GPO seulement would be applied to systems où le local time is entre Feb, 20 2015 00:00:00 et Feb, 23 2015 15:00:00:
Make sure you have linked le WMI filter to le desired GPO:
Things to keep in mind:
- le WQL is evaluating le local date et time on le client, qui might ou might pas be synchronized avec le time source you mean to use. The client's time will pas run too far ahead ou behind of le domain controller's time, otherwise Kerberos authentication will break, mais there might be minor deviations, do account for them
-
the group policy client will check for GPO changes et re-apply them plutôt infrequently par défaut:
Par défaut, computer Group Policy is updated in le background chaque 90 minutes, avec a random offset of 0 to 30 minutes.
So le par défaut settings will seulement allow for a precision of +2 hours. The update interval can be changed by (another) group policy setting, si needed.
-
your policy needs to be able to revert tous changes quand no longer applied. Ceci est le case par défaut for tous managed Administrative Templates. Group Policy Preferences settings might need to be explicitly set up to "remove this item quand no longer applied":
