none
GPO overwritting all PATH env

    Question

  • Hello everyone. I have a weird problem and would like to ask for help and some opinions.

    In my environment, I have a GPO that execute two .bat scripts at user logon. Sometimes, I try to use commands like ipconfig or gpupdate and receive an error saying that is not a recognized command. When I check the env PATH, all the paths were overwritten by this GPO unc path, repeatedly. How can I fix this ? Please, take a look how the PATH env looks like:


    The unc \\domain.local\SysVol\domain.local\Policies\{60860B04-D59E-4CCA-A67E-EA89A189E34B}\User\Scripts\Logon repeats for all env value, and overwrites other values like C:\Windows\System32.

    Some suggestions how can I solve this? Thanks for all for your attention



    • Edited by Tubiros Sunday, February 12, 2017 10:53 PM typo
    Friday, February 3, 2017 4:10 AM

Answers

  • > Is it necessary to post the content of the scripts?
     
    I don't know... At this point, all I can do is guessing.
     
    If you execute a script that is located in the sysvol folder of a GPO, cmd.exe will set %windir%\System32 as its current working directory (UNC paths are not supported). But inside the script, %~d0 and %~p0 will still point to the UNC path (see "for /?" on %~ ).
     
    So my guess is that you have a script in the GPO that
    a) is located in Sysvol and
    b) somehow deals with %~dp0
     
    Which GPO has {60860B04-D59E-4CCA-A67E-EA89A189E34B} as its GUID?
    dsquery * -filter "(Name={60860B04-D59E-4CCA-A67E-EA89A189E34B})" attr Displayname
     
    BTW: If it overwrites the system path, it hardly is a user logon script, it MUST be a computer startup script :-)
     
    • Marked as answer by Tubiros Tuesday, February 14, 2017 2:24 PM
    Monday, February 13, 2017 2:40 PM
  • I found what can be the problem. The second bat script is the responsible for the behavior.

    The is something in the script that interacts with the system and add the gpo sysvol path in every user logon.

    This is a 3rd part script. I will investigate the content and try to repair. Thanks a lot, Martin.





    • Edited by Tubiros Tuesday, February 14, 2017 2:24 PM typo
    • Marked as answer by Tubiros Tuesday, February 14, 2017 2:24 PM
    Tuesday, February 14, 2017 2:17 PM

All replies

  • > In my environment, I have a GPO that execute two .bat scripts at user logon.
     
    Freaky about showing their complete contents?
     
     
    Friday, February 3, 2017 10:55 AM
  • Hi,

    Just checking in to see if the information provided was helpful. And if the replies as above are helpful, we would appreciate you to mark them as answers, please let us know if you would like further assistance.

    Best Regards,

    Wendy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, February 10, 2017 8:33 AM
    Moderator
  • No problem.

    Inside the first bat script, I call Bginfo to set the wallpaper. The jpg file is in a share.

    The second, there is a code to set JAVA_HOME environment and execute a jar file.

    Is it necessary to post the content of the scripts?

    Saturday, February 11, 2017 8:13 PM
  • > Is it necessary to post the content of the scripts?
     
    I don't know... At this point, all I can do is guessing.
     
    If you execute a script that is located in the sysvol folder of a GPO, cmd.exe will set %windir%\System32 as its current working directory (UNC paths are not supported). But inside the script, %~d0 and %~p0 will still point to the UNC path (see "for /?" on %~ ).
     
    So my guess is that you have a script in the GPO that
    a) is located in Sysvol and
    b) somehow deals with %~dp0
     
    Which GPO has {60860B04-D59E-4CCA-A67E-EA89A189E34B} as its GUID?
    dsquery * -filter "(Name={60860B04-D59E-4CCA-A67E-EA89A189E34B})" attr Displayname
     
    BTW: If it overwrites the system path, it hardly is a user logon script, it MUST be a computer startup script :-)
     
    • Marked as answer by Tubiros Tuesday, February 14, 2017 2:24 PM
    Monday, February 13, 2017 2:40 PM
  • I found what can be the problem. The second bat script is the responsible for the behavior.

    The is something in the script that interacts with the system and add the gpo sysvol path in every user logon.

    This is a 3rd part script. I will investigate the content and try to repair. Thanks a lot, Martin.





    • Edited by Tubiros Tuesday, February 14, 2017 2:24 PM typo
    • Marked as answer by Tubiros Tuesday, February 14, 2017 2:24 PM
    Tuesday, February 14, 2017 2:17 PM
  • > This is a 3rd part script. I will investigate the content and try to repair. Thanks a lot, Martin.
     
    I've got a lot of experience in scripting - if it is not confidential, I can assist :-)
     
    Tuesday, February 14, 2017 3:24 PM