Mark Minasi's Tech Forum
Sign up Calendar Latest Topics

  Author   Comment  

Still Checking the Forum Out
Posts: 6
Reply with quote  #1 
I recently deployed then removed a GPO that would run a powershell script. On a test machine. I made the mistake of not utilizing a cmd wrapper and thus it opens via notepad instead. Even though the GPO is removed the notepad file opens on every login. So it seems the Windows 10 machine itself has kept some portion of the script somewhere on it.

I went through the registry searching and deleting remnants of the application via keywords yet it keeps popping up. Went through startup and disabled anything looking like it. Under taskmgr > details > I found notepad.exe and under the command line column then discovered the process that's causing the problem "C:\Windows\System32\notepad.exe" "\\server\share\application.ps1

If I remove or rename the share the notepad file no longer shows up. But I wonder if theirs a way to discover the culprit on the client itself.
Previous Topic | Next Topic

Quick Navigation:

Easily create a Forum Website with Website Toolbox.