Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

gpt.ini corruption #40

Open
schnyders opened this issue May 24, 2024 · 0 comments
Open

gpt.ini corruption #40

schnyders opened this issue May 24, 2024 · 0 comments

Comments

@schnyders
Copy link

Details of the scenario you tried and the problem that is occurring

When gpt.ini already contains another CSE then managed by this resource ({35378EAC-683F-11D2-A89A-00C04FBBCFA2}) gpt.ini gets corrupted.

Steps to reproduce:

  1. Ensure C:\Windows\System32\GroupPolicy is empty (no hidden files or folders)
  2. Open gpedit.msc
  3. in Computer Configuration --> Windows Settings --> Scripts (Start/Shutdown) --> Startup --> Powershell Scripts --> here add a empty powershell file --> ok --> apply --> ok --> close gpedit.msc

C:\Windows\System32\GroupPolicy\gpt.ini should now look like

[General]
gPCMachineExtensionNames=[{42B5FAAE-6536-11D2-AE5A-0000F87571E3}{40B6664F-4972-11D1-A7CA-0000F87571E3}]
Version=2
  1. run dsc conig from below or any other with TargetType ComputerConfiguration
  2. gpt.ini now looks like
[General]
gPCMachineExtensionNames=[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{40B6664F-4972-11D1-A7CA-0000F87571E3}{42B5FAAE-6536-11D2-AE5A-0000F87571E3}{D02B1F72-3407-48AE-BA88-E8213C6761F1}]
Version=3
gPCUserExtensionNames=[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{D02B1F73-3407-48AE-BA88-E8213C6761F1}]

If you do the exact some thing, but don't do the GPO config using DSC but gpedit.msc the ini will look like

[General]
gPCMachineExtensionNames=[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{D02B1F72-3407-48AE-BA88-E8213C6761F1}][{42B5FAAE-6536-11D2-AE5A-0000F87571E3}{40B6664F-4972-11D1-A7CA-0000F87571E3}]
Version=3

Verbose logs showing the problem

VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = ResourceSet,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName' = root/Microsoft/Windows/DesiredStateConfiguration'. 
VERBOSE: An LCM method call arrived from computer WIN-Q85JVGSCE32 with user sid S-1-5-21-8231911-2010208343-1302586613-500.                                                                                               
VERBOSE: [WIN-Q85JVGSCE32]: LCM:  [ Start  Set      ]  [[RegistryPolicyFile]DirectResourceAccess]                                                                                                                         
VERBOSE: [WIN-Q85JVGSCE32]:                            [[RegistryPolicyFile]DirectResourceAccess] Retrieving current for Key Software\Microsoft\Windows\CurrentVersion\Policies\Explorer ValueName AllowOnlineTips. (RPF04)
VERBOSE: [WIN-Q85JVGSCE32]:                            [[RegistryPolicyFile]DirectResourceAccess] Adding policy with Key: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, ValueName: AllowOnlineTips, ValueData: System.String[], ValueType: Dword. (RPF001)
VERBOSE: [WIN-Q85JVGSCE32]:                            [[RegistryPolicyFile]DirectResourceAccess] Gpt.ini gPCMachineExtensionNames CSE GUID updated from [{42B5FAAE-6536-11D2-AE5A-0000F87571E3}{40B6664F-4972-11D1-A7CA-0000F87571E3}] to [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{40B6664F-4972-11D1-A7CA-0000F87571E3}{42B5FAAE-6536-11D2-AE5A-0000F87571E3}{D02B1F72-3407-48AE-BA88-E8213C6761F1}]. (RPF07)
VERBOSE: [WIN-Q85JVGSCE32]:                            [[RegistryPolicyFile]DirectResourceAccess] Gpt.ini gPCUserExtensionNames CSE GUID updated from  to [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{D02B1F73-3407-48AE-BA88-E8213C6761F1}]. (RPF07)
VERBOSE: [WIN-Q85JVGSCE32]:                            [[RegistryPolicyFile]DirectResourceAccess] Gpt.ini Version updated based on ComputerConfiguration from 2 to 3. (RPF08)
VERBOSE: [WIN-Q85JVGSCE32]: LCM:  [ End    Set      ]  [[RegistryPolicyFile]DirectResourceAccess]  in 0.2210 seconds.
VERBOSE: [WIN-Q85JVGSCE32]: LCM:  [ End    Set      ]    in  0.6150 seconds.
VERBOSE: Operation 'Invoke CimMethod' complete.

RebootRequired
--------------
False
VERBOSE: Time taken for configuration job to complete is 0.982 seconds

Suggested solution to the issue

Fix handling of gpt.ini so it procudes a valid gpt.ini

The DSC configuration that is used to reproduce the issue (as detailed as possible)

Invoke-DscResource -Name RegistryPolicyFile -ModuleName GPRegistryPolicyDSC -Method Set -Property @{
    Key = "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
    TargetType = "ComputerConfiguration"
    ValueName = "AllowOnlineTips"
    ValueData = @("0")
    ValueType = "Dword"
} -Verbose

But at the end it more ore less doesn't matter.

The operating system the target node is running

Name Value
OsName Microsoft Windows Server 2022 Standard
OsOperatingSystemSKU StandardServerEdition
OsArchitecture 64-bit
WindowsVersion 2009
WindowsBuildLabEx 20348.1.amd64fre.fe_release.210507-1500
OsLanguage en-US
OsMuiLanguages {en-US}

Version and build of PowerShell the target node is running

Name Value
PSVersion 5.1.20348.2400
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.20348.2400
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1

Version of the DSC module that was used

Name Version Path
GPRegistryPolicyDsc 1.3.1 C:\Program Files\WindowsPowerShell\Modules\GPRegistryPolicyDsc\1.3.1\GPRegistryPolicyDsc.psd1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@schnyders