PowerShell startup script applied via GPO failing ambiguously

group-policy powershell windows-8.1
5,829

I don't have any authoritative references, but the $HOME, $env:HOMEDRIVE and $env:HOMEPATH variables are user-specific environment variables.

It's unlikely that they would get assigned when you start a PowerShell host in the security context of the machine and not the user

Share:
5,829
Jaxaeon
Author by

Jaxaeon

Updated on September 18, 2022

Comments

  • Jaxaeon
    Jaxaeon almost 2 years

    Script:

    $folder = "$env:HOMEDRIVE\TestFolder"
New-Item -ItemType directory -Path $folder
    • note that the same group policy error occurs when $folder is set to "C:\..."

    Execution policy is unrestricted, and the script runs fine when ran manually in Windows 8.1 (folder is created). I created a group policy (Computer Configuration > Windows Settings > Scripts > Startup) Added TestFolder.ps1 to \domain.com\SysVol\domain.com\Policies...\Machine\Scripts\Startup. Security Filtering configured to apply to the Domain Computers group. Policy applies fine to computer.

    I get the following error when the policy attempts to apply script:

    Group Policy event 1130

Startup script failed. 
    GPO Name : TestFolder Script
    GPO File System Path : \\domain.com\SysVol\domain.com\Policies\...\Machine
    Script Name: TestFolder.ps1

SupportInfo1 178254400 
  SupportInfo2 71 
  ErrorCode 267 
  ErrorDescription The directory name is invalid.  
  ScriptType 0 
  GPODisplayName TestFolder Script
  GPOFileSystemPath \\domain.com\SysVol\domain.com\Policies\...\Machine 
  GPOScriptCommandString TestFolder.ps1

    I can't help but notice that \Scripts\Startup is omitted from the File System Path in the error information... Ideas?

    EDIT: The group policy applies to a Windows 7 VM fine. Seems to me a problem with Windows 8.1.

    • DarkMoon
      DarkMoon almost 10 years
      Does HOMEDRIVE exist at machine startup, before the user logs on? I'm not sure it does, but I don't have a Windows PC handy to check...
    • Get-HomeByFiveOClock
      Get-HomeByFiveOClock almost 10 years
      I have actually noticed that there does seem to be a difference (I'm guessing with permissions) on directories in the C:\ - C:|windows\system with Windows 7 and Windows 8. I have long suspected there is some sort of added "security" in those directories that makes it harder.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

powershell: script to start a program with parameters?
How to disable shutdown option at the login screen?
How to prevent GPO from mapping network drives on my PC?
How can I make my powershell module import permanent?
Using the Windows 8.1 command prompt to view Windows activation key
Run a script when group policy is applied (not at login or startup)
How to overcome Local Group Policy Editor's 1023 character limit?
Allow Microsoft accounts to be optional without Group Policy?
How to reset TCP/IP on Windows 8.1?
What is the Start Screen Control in Windows 8.1 Enterprise