Cannot Delete a file in system32

Silly question, but when I try to delete a file on my Windows 2016 server, the action runs successfully but the file remains.

I ran delete file "c:\windows\system32\grouppolicy\machine\registry.pol"

Other weird things in QNA: if I type q: exists file "c:\windows\system32\grouppolicy\machine\registry.pol" I get a failure, if I type exists folder "c:\windows\system32\grouppolicy\machine" it fails, and if I type exists folder "c:\windows\system32\grouppolicy" it returns true. Tried the various QNA queries using both the local Fixlet Debugger and the local client.

Are these files protected in the system32 directory by the OS somehow? I thought the BigFix client ran as system so it should be able to delete the registry.pol file

It’s a matter of 32-bit redirection.

Calls to the \Program Files or \Windows\System32 are automatically redirected to \Program Files (x86) or \Windows\Syswow64. This is to maintain backwards compatibility.

You’ll need to use the ‘x64 files’, ‘x64 folders’, ‘native files’, or ‘native folders’ inspectors to get to those paths.

Try these to see the differences…

q: exists file "c:\windows\system32\grouppolicy\machine\registry.pol"
q: exists native file "c:\windows\system32\grouppolicy\machine\registry.pol"
q: exists x64 file "c:\windows\system32\grouppolicy\machine\registry.pol"

In the Action, you’ll need to add the line

action uses wow64 redirection false

on any line before a ‘wait’ or ‘run’ command to have the processes spawned off as 64-bit rather than 32-bit.

That said, registry.pol may well be locked. It’s been a while since I tried it, but one workaround I used a few years ago was to first move registry.pol to a new file (the ‘move’ is allowed because the file handles remain the same; any processes locking the file just keep reading it from their existing handles) and a second task to delete the moved copy of it.

Thank you, this relevance worked:
q: exists native file "c:\windows\system32\grouppolicy\machine\registry.pol"
q: exists x64 file "c:\windows\system32\grouppolicy\machine\registry.pol"

Last question: to delete the registry.pol file I was thinking of adding a PowerShell command to the action. If I select PowerShell, can I add the command Remove-Item "C:\Windows\System32\GroupPolicy\Machine\Registry.pol" directly into the action, or do I need to create the ps1 file and precache it on the server? We are at the current version of BigFix, if that matters.

There are a few different ways to do it. For such a simple command it would be unusual to create a PowerShell script on the server and then download the script using the client.

One common way would be to use the ‘PowerShell’ Action Type on the task. Honestly I rarely use that and I’m not sure whether it runs the 64-bit or 32-bit PowerShell.

For a single command line, you could launch PowerShell to run the command directly. Here’s an example I have for adding a Windows Defender exclusion for the BESClient process via PowerShell. (Note that curly brackets need to be escaped…sometimes…see Tip: Escaping curly brackets for substitutions in ActionScript.)

action uses wow64 redirection false

waithidden powershell.exe -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath '{pathname of data folder of client}\:{{ScanTrigger:OnAccess}'

The other common method is to build a PowerShell script on the fly with the ‘createfile’ or ‘appendfile’ commands and then execute PowerShell to run the script explicitly. This one uses a bit of extra logic to locate powershell.exe (instead of assuming it’s in the PATH environment variable), and saves the PowerShell output to a log file.

action uses wow64 redirection {not x64 of operating system}

delete __createfile

createfile until END_OF_FILE
// Some PowerShell script content goes here
END_OF_FILE

delete powershell.ps1
move __createfile powershell.ps1

waithidden cmd.exe /c ""{ pathname of file ((it as string) of value "Path" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" of native registry) }" -ExecutionPolicy Bypass -File powershell.ps1 > script-output.txt 2>&1"
delete powershell.ps1
continue if {exit code of action = 0}
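
Added example (not part of the original thread and not BigFix code): a read-only PowerShell check that shows which view of System32 the current process gets, which is the question left open above about whether an action ends up in 32-bit or 64-bit PowerShell. The function names Test-Wow64Process and Resolve-NativePath are hypothetical helpers, and the target path is the file discussed in the thread.

```powershell
# Added example. Run it from the process context you want to inspect
# (for instance once from 32-bit and once from 64-bit powershell.exe).
$Target = Join-Path $env:windir 'System32\GroupPolicy\Machine\Registry.pol'

function Test-Wow64Process {
    # True when a 32-bit process runs on a 64-bit OS, the case in which
    # file system redirection maps System32 to SysWOW64.
    return ([Environment]::Is64BitOperatingSystem -and
            -not [Environment]::Is64BitProcess)
}

function Resolve-NativePath {
    param([Parameter(Mandatory)][string]$Path)
    $system32 = Join-Path $env:windir 'System32'
    $underSystem32 = $Path.StartsWith("$system32\",
        [StringComparison]::OrdinalIgnoreCase)
    if ((Test-Wow64Process) -and $underSystem32) {
        # Sysnative is a virtual alias that only 32-bit processes can see;
        # it reaches the real 64-bit System32 without disabling redirection.
        $sysnative = Join-Path $env:windir 'Sysnative'
        return $sysnative + $Path.Substring($system32.Length)
    }
    # 64-bit process (or 32-bit OS): the path is already the native one.
    return $Path
}

$native = Resolve-NativePath -Path $Target
$ps64   = Resolve-NativePath -Path (
    Join-Path $env:windir 'System32\WindowsPowerShell\v1.0\powershell.exe')

# A 32-bit process is expected to report ExistsAsGiven = False and
# ExistsNative = True when the file is present only in the 64-bit System32.
[pscustomobject]@{
    ProcessIs64Bit  = [Environment]::Is64BitProcess
    Wow64Redirected = Test-Wow64Process
    PathAsGiven     = $Target
    ExistsAsGiven   = Test-Path -LiteralPath $Target
    NativePath      = $native
    ExistsNative    = Test-Path -LiteralPath $native
    PowerShell64    = $ps64
} | Format-List
```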