none
Do GPOs require a healthy PATH?

    Question

  • Due to some nasty malware our PATH statement was changed from a REG_EXPAND_SZ to a REG_SZ registry type.   This has broken our path.   Now, when you open up a CMD window and you type in a command like calc or msiexec it says "I can't find that .exe"  you have to change directory to c:\windows\system32 and then your commands work.

    I want to use GPO to push out a PowerShell script that will change the key back to a REG_EXPAND_SZ.   I would make this a Computer Policy.  But do scripts run via GPO look for the PATH statement to find PowerShell.exe?


    mqh7

    Thursday, April 30, 2015 2:03 PM

Answers

All replies

  • Hi,

    >>But do scripts run via GPO look for the PATH statement to find PowerShell.exe?

    No, we can use PowerShell script to do this. The following script can be referred to as reference:

    Set-ItemProperty -Path "HKLM:\SYSTEM\currentcontrolset\control\session manager\environment" -Name "path" -type "expandstring" -Value "%systemroot%\system32;%systemroot%;%systemroot%\System32\Wbem;%systemroot%\System32\WindowsPowerShell\v1.0\;"

    Besides, for scripting question, if we need further help, we can ask for suggestions in the following scripting forum.

    The Official Scripting Guys Forum

    https://social.technet.microsoft.com/Forums/scriptcenter/en-US/home?forum=ITCG

    Best regards,

    Frank Shen 


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Monday, May 4, 2015 7:01 AM
    Moderator
  • > do scripts run via GPO look for the PATH statement to find PowerShell.exe?
     
    Yes. You can use a "legacy" script, and in the script path, enter the
    full path to powershell. Then add your script in the parameters field.
     

    Greetings/Grüße, Martin

    Mal ein gutes Buch über GPOs lesen?
    Good or bad GPOs? - my blog…
    And if IT bothers me - coke bottle design refreshment (-:
    Monday, May 4, 2015 9:29 AM
  • OK, I tried this but it still did not work.   I followed what Martin said.  I created a .CMD file that has this.

    @echo off
    c:
    cd\
    echo "I did run" > c:\temp\echo.txt
    cd "C:\Windows\System32\WindowsPowerShell\v1.0"
    powershell.exe 

    Then, in my Script Parameters: I entered this:

    .\RemoveReplacePath.ps1

    The .CMD file does run and the ECHO command works.  I have an echo.txt in my c:\temp folder.   But the PowerShell does not execute.   


    mqh7

    Monday, May 4, 2015 7:35 PM
  • > Then, in my *Script Parameters*: I entered this:
    > .\RemoveReplacePath.ps1
     
    This will not work - the "current directory" in GPO scripts is always
    %windir%\System32, so you have to specify the FULL path to your PS1.
     

    Greetings/Grüße, Martin

    Mal ein gutes Buch über GPOs lesen?
    Good or bad GPOs? - my blog…
    And if IT bothers me - coke bottle design refreshment (-:
    • Marked as answer by mqh7 Tuesday, May 5, 2015 3:38 PM
    Tuesday, May 5, 2015 7:54 AM
  • ok, I'm still not getting this to work.  I have kept my .CMD the same (please let me know if the syntax is ok)  and then I have tried calling the following from the Script Parameters:

    "\\Acme.org\SysVol\Acme.org\Policies\{B5A4C928-909B-4042-BEFF-581BDCE60540}\Machine\Scripts\Startup\RemoveReplacePath.ps1"

    .\"\\Acme.org\SysVol\Acme.org\Policies\{B5A4C928-909B-4042-BEFF-581BDCE60540}\Machine\Scripts\Startup\RemoveReplacePath.ps1"

    Then I moved the .PS1 script to a different server and tried these

    "c:\windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" .\"\\mhserver3\Scripts\Tools\MGPath\RemoveReplacePath.ps1"

    "c:\windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" "\\mhserver3\Scripts\Tools\MGPath\RemoveReplacePath.ps1"

    So far nothing has worked.  the .CMD file runs, it creates my c:\temp\echo file but the .PS1 script does not run.  any hints?  Thank you!!


    mqh7

    Tuesday, May 5, 2015 2:47 PM
  • ok, I got it working :-)   

    Thanks Martin!!


    mqh7

    Tuesday, May 5, 2015 3:25 PM
  •  >
    "\\Acme.org\SysVol\Acme.org\Policies\{B5A4C928-909B-4042-BEFF-581BDCE60540}\Machine\Scripts\Startup\RemoveReplacePath.ps1"
     
    If your cmd is in the same folder, you can replace this weird call with
     
    ....\powershell.exe %~dp0RemoveReplacePath.ps1
     
    See "for /?" for the meaning of %~dp0
     
     

    Greetings/Grüße, Martin

    Mal ein gutes Buch über GPOs lesen?
    Good or bad GPOs? - my blog…
    And if IT bothers me - coke bottle design refreshment (-:
    Wednesday, May 6, 2015 10:54 AM