Action script working fine in Fixlet Debugger but not via fixlet

The following action script is working successfully on Fixlet Debugger, but when I run it via fixlet, it does not create a new “GroupPolicy” folder on "C:\WINDOWS\System32"

action uses wow64 redirection {not x64 of operating system}

delete __createfile
delete resetgp.bat

createfile until _eof
RD /S /Q “C:\WINDOWS\System32\GroupPolicy.old”
move C:\WINDOWS\System32\GroupPolicy C:\WINDOWS\System32\GroupPolicy.old
RD /S /Q “C:\WINDOWS\System32\GroupPolicy”
echo n | gpupdate /force
_eof

move __createfile resetgp.bat

waithidden resetgp.bat

Seems like wow64 related issue.

Do you end up with a folder named C:\WINDOWS\sysWOW64\GroupPolicy.old

Any clues/errors from the client logs while taking the action script?
If you manually run resetgp.bat by double clicking, does it give the desired result?

Good day John Talbert.

Do you end up with a folder named C:\WINDOWS\sysWOW64\GroupPolicy.old - No, it’s on C:\WINDOWS\System32\GroupPolicy.old

Any clues/errors from the client logs while taking the action script? - No errors, just command succeeded

If you manually run resetgp.bat by double clicking, does it give the desired result? - YES

I would expect this line to solve the problem.

Instead of using System32 you could instead try sysnative which is a virtual folder way to reference the correct location without disabling redirection.

Example: https://bigfix.me/relevance/details/3017247

Better Example: https://bigfix.me/fixlet/details/2547

Actually, this might be the issue.

You might need to do:

waithidden CMD /C resetgp.bat

… hmm actually I’m seeing examples where they do just use wait or waithidden with a BAT file directly, so maybe not? I generally prefer to call CMD directly and pass it the BAT file to run, though I forget how to do that at the moment.

Good day James Stewart.

Will give it a try and let you know the result. Thanks.

@bigfixuser

I just tested your script on my Windows 2016 x64 box on BigFix 10.0.0 and it seems to work as I expect.
The 64 bit native system32/GroupPolicy folder is renamed, as expected and the 32 bit version is untouched.
Screenshots to help explain

Starting State - Green box is the native system folder, the one that I think you want to change

image1259×356 27.9 KB

After running your original action script Red box untouched. Green box updated as expected

image1686×810 103 KB

Did it create a new “GroupPolicy” folder?

It did not see a new GroupPolicy folder created.
My server is not part of an active directory to receive a GPUpdate from.

We might not be dealing with a syswow issue, since the folder renames are working.

Can you try this variation, which separates out the gpudpate?

action uses wow64 redirection {not x64 of operating system}
delete __createfile
delete resetgp.bat
createfile until _eof
RD /S /Q "C:\WINDOWS\System32\GroupPolicy.old"
move C:\WINDOWS\System32\GroupPolicy C:\WINDOWS\System32\GroupPolicy.old
RD /S /Q "C:\WINDOWS\System32\GroupPolicy"
_eof
move __createfile resetgp.bat
waithidden resetgp.bat
waithidden gpupdate /force

Here is another Fixlet on BigFix.me that might help as well.

https://www.bigfix.me/fixlet/details/22887

Looks like a few extra parameters might need to go into the gpupdate invocation?

One more detail.
When I run gpupdate /force from a command line on my Windows 2016 box, the Group Policy folder is not recreated. (Even after a reboot)

image1102×272 27.3 KB

GroupPolicy is usually a protected folder, and you might often have issues deleting it as the OS / Group Policy Client will have the directory or it’s files locked for reading. If that’s the case you’ll get intermittent success or failure just based on what other processes on the machine are doing at the time.

Adding the following parameters solved the issue.

override wait
completion=job
hidden=true
runas=currentuser
wait cmd.exe /c echo n | gpupdate /force

The “GroupPolicy” folder was created successfully.