Group Policy Management Scripts encounter Access Violation after the end of execution

Article translations Article translations
Close Close
Article ID: 2447913 - View products that this article applies to.
Expand all | Collapse all

Action

You are running an Active Directory Domain. Your administration of group policies is based on Group Policy Management Console (GPMC) running on Windows Server 2003 or Windows XP.

You are using the scripting interface, for example, to backup group policies (e.g. BackupAllGPOs.wsf) or retrieve resultant set of policies (RSOP). A list of example scripts can be found here: http://technet.microsoft.com/en-us/library/cc776655(WS.10).aspx

Now you are installing the .Net Runtime Updates or deploy the latest version of the runtime on the machines running GPMC. The first update that is changing the system behavior is:

976576 An update is available for the .NET Framework 3.5 Service Pack 1 and the .NET Framework 2.0 Service Pack 2 in Windows Server 2003 and in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-US;976576

Result

When the scripting support DLL GPMGMT.DLL unloads after executing the script, you get an error popup:

cscript.exe - Application Error : The instruction at "0x01a1dce4" referenced memory at "0x02742108". The memory could not be "read".

An event in the system log is also recorded:

Event Type: Information
Event Source: Application Popup
Event Category: None
Event ID: 26
Description:
Application popup: cscript.exe - Application Error : The instruction at "0x0161dce4" referenced memory at "0x01422108". The memory could not be "read".

Click on OK to terminate the program

Cause

The GPMC uses an approach to manage the object lifetime which is not compatible with the guidelines of the .Net runtime. The behavior was tolerated by the runtime until the update 976576, but caused the runtime to leak memory.

The side-effect of the change is that applications violating the rules will experience an access violation.

Resolution

The version of GPMC that is included with Windows Server 2008 and later and that is also in the Remote Server Administration Tools (RSAT) are not causing this problem.

The error is shown and the event is logged by the Windows Hard Error Handler. You can modify the behavior of this handler:

124873 Disabling System Hard Error Message Dialog Boxes
http://support.microsoft.com/default.aspx?scid=kb;EN-US;124873

The basic approach is to set ErrorMode to 2 and back to 0 in a separate script host executable, like this:

reg add HKLM\System\CurrentControlSet\Control\Windows /v ErrorMode /t REG_DWORD /d 2 /f

call cscript BackupAllGPOs.wsf

reg add HKLM\System\CurrentControlSet\Control\Windows /v ErrorMode /t REG_DWORD /d 0 /f

If the script working with the GPMC objects is embedded in a bigger script and you can't have an "outer" script, you can set ErrorMode=2 directly in the script when you are working with the GPMC objects, and have the operating system set ErrorMode=0 with an event triggered task which you can configure with this command:

eventtriggers /create /TR "Set ErrorMode=0" /L System /T Information /SO "Application Popup" /EID 26 /TK "reg add HKLM\system\currentControlSet\control\windows /v ErrorMode /t REG_DWORD /d 0 /f" /RU ""

If the script is not running at Administrator Level or LocalSystem, it cannot write to the registry key where ErrorMode is located. To solve this problem, you can write a custom event in the script, and create a second event trigger consume it to set ErrorMode=2.

Examples for eventlogging:

http://msdn.microsoft.com/en-us/library/f9shkfdd(v=VS.80).aspx

http://support.microsoft.com/kb/301279

Note: To register the event source you need to run as administrator. Logging the event can be done as lower privilege account (e.g. Backup Operator).

Event triggers cannot be edited the same way as regular scheduled tasks. A limited set of options is available through the UI and SCHTASKS. When you do this, for some of the possible changes you lose the user the task is running under. You can reset the user the task is running under to LocalSystem using this script: 

Dir "%windir%\Set ErrorMode*.job" >temp-Job-List.Txt

For /f "delims=§" %%f in (temp-Job-List.Txt) do schtasks /change /TN "%%~nf" /RU ""

Del temp-Job-List.Txt

 

“§” would be any character not used in the job names.

Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use for other considerations.

Properties

Article ID: 2447913 - Last Review: November 15, 2010 - Revision: 2.0
APPLIES TO
  • Microsoft Windows XP Professional
  • Microsoft Windows Server 2003 Service Pack 2
Keywords: 
KB2447913

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com