Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. Group Policy Management Scripts encounter Access Violation after the end of execution

Group Policy Management Scripts encounter Access Violation after the end of execution

Action

You are running an Active Directory Domain. Your administration of group policies is based on Group Policy Management Console (GPMC) running on Windows Server 2003 or Windows XP.

You are using the scripting interface, for example, to backup group policies (e.g. BackupAllGPOs.wsf) or retrieve resultant set of policies (RSOP). A list of example scripts can be found here: http://technet.microsoft.com/en-us/library/cc776655(WS.10).aspx

Now you are installing the .Net Runtime Updates or deploy the latest version of the runtime on the machines running GPMC. The first update that is changing the system behavior is:

976576 An update is available for the .NET Framework 3.5 Service Pack 1 and the .NET Framework 2.0 Service Pack 2 in Windows Server 2003 and in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-US;976576

↑ Back to the top

Result

When the scripting support DLL GPMGMT.DLL unloads after executing the script, you get an error popup:

cscript.exe - Application Error : The instruction at "0x01a1dce4" referenced memory at "0x02742108". The memory could not be "read".

An event in the system log is also recorded:

Event Type: Information
Event Source: Application Popup
Event Category: None
Event ID: 26
Description:
Application popup: cscript.exe - Application Error : The instruction at "0x0161dce4" referenced memory at "0x01422108". The memory could not be "read".

Click on OK to terminate the program

↑ Back to the top

Cause

The GPMC uses an approach to manage the object lifetime which is not compatible with the guidelines of the .Net runtime. The behavior was tolerated by the runtime until the update 976576, but caused the runtime to leak memory.

The side-effect of the change is that applications violating the rules will experience an access violation.

↑ Back to the top

Resolution

The version of GPMC that is included with Windows Server 2008 and later and that is also in the Remote Server Administration Tools (RSAT) are not causing this problem.

The error is shown and the event is logged by the Windows Hard Error Handler. You can modify the behavior of this handler:

124873 Disabling System Hard Error Message Dialog Boxes
http://support.microsoft.com/default.aspx?scid=kb;EN-US;124873

The basic approach is to set ErrorMode to 2 and back to 0 in a separate script host executable, like this:

reg add HKLM\System\CurrentControlSet\Control\Windows /v ErrorMode /t REG_DWORD /d 2 /f

call cscript BackupAllGPOs.wsf

reg add HKLM\System\CurrentControlSet\Control\Windows /v ErrorMode /t REG_DWORD /d 0 /f

If the script working with the GPMC objects is embedded in a bigger script and you can't have an "outer" script, you can set ErrorMode=2 directly in the script when you are working with the GPMC objects, and have the operating system set ErrorMode=0 with an event triggered task which you can configure with this command:

eventtriggers /create /TR "Set ErrorMode=0" /L System /T Information /SO "Application Popup" /EID 26 /TK "reg add HKLM\system\currentControlSet\control\windows /v ErrorMode /t REG_DWORD /d 0 /f" /RU ""

If the script is not running at Administrator Level or LocalSystem, it cannot write to the registry key where ErrorMode is located. To solve this problem, you can write a custom event in the script, and create a second event trigger consume it to set ErrorMode=2.

Examples for eventlogging:

http://msdn.microsoft.com/en-us/library/f9shkfdd(v=VS.80).aspx

http://support.microsoft.com/kb/301279

Note: To register the event source you need to run as administrator. Logging the event can be done as lower privilege account (e.g. Backup Operator).

Event triggers cannot be edited the same way as regular scheduled tasks. A limited set of options is available through the UI and SCHTASKS. When you do this, for some of the possible changes you lose the user the task is running under. You can reset the user the task is running under to LocalSystem using this script: 

Dir "%windir%\Set ErrorMode*.job" >temp-Job-List.Txt

For /f "delims=§" %%f in (temp-Job-List.Txt) do schtasks /change /TN "%%~nf" /RU ""

Del temp-Job-List.Txt

 

“§” would be any character not used in the job names.

↑ Back to the top

More Information

Steps to reproduce.

Product Bug Number:

http://co1bugchkiis2/bugs/WindowsSE/334306

http://co1bugchkiis2/bugs/WindowsSE/341981

Author ID (email alias): herbertm
Writer ID(email alias):
Tech Review ID (email alias):
Confirm Article has been Tech Reviewed: Yes/No
Confirm Article released for Publishing: Yes/No

 

↑ Back to the top

Keywords: vkball, kb

↑ Back to the top

Article Info
Article ID : 2447913
Revision : 1
Created on : 1/8/2017
Published on : 11/15/2010
Exists online : False
Views : 223