Mark Minasi's Tech Forum
Sign up Calendar Latest Topics
 
 
 


Reply
  Author   Comment  
tassinvegeta

Still Checking the Forum Out
Registered:
Posts: 6
Reply with quote  #1 
I recently deployed then removed a GPO that would run a powershell script. On a test machine. I made the mistake of not utilizing a cmd wrapper and thus it opens via notepad instead. Even though the GPO is removed the notepad file opens on every login. So it seems the Windows 10 machine itself has kept some portion of the script somewhere on it.

I went through the registry searching and deleting remnants of the application via keywords yet it keeps popping up. Went through startup and disabled anything looking like it. Under taskmgr > details > I found notepad.exe and under the command line column then discovered the process that's causing the problem "C:\Windows\System32\notepad.exe" "\\server\share\application.ps1

If I remove or rename the share the notepad file no longer shows up. But I wonder if theirs a way to discover the culprit on the client itself.
0
Previous Topic | Next Topic
Print
Reply

Quick Navigation:

Easily create a Forum Website with Website Toolbox.