Skip to content
iTecNote
  • Python
  • Javascript
  • PHP
  • Java
  • Android
  • iOS
  • jQuery
  • MySQL

Can system Environment Variables be set via Windows Logon Scripts

automated-deploybatch-fileloginscriptingwindows-installer

I have an MSI-packaged application that is being deployed via Group Policy Objects (GPO) from a Windows 2003 Domain Server to all the XP client machines in the network.

This application reads two environment variables for its configuration (which server IPs to talk to) and it seems like we'd also want to push this configuration via a GPO style setting or Login script to all the desktops.

What is the best approach for setting environment variables across a network of desktops?

Best Solution

My research says there are four ways to do this. I started at the Microsoft Logon Script documentation pages and fanned out from there.

Login Script Batch File

Windows Server 2000, 2003, 2008

Login batch file (.BAT) scripts are just a temporary instance of a CMD window, and the environment variables set in there go away as soon as the login window closes.

set MYVAR=MyValue

Won't work for the aforementioned reason.

So, alternatively, I can try to set the variable via directly writing to the registry like so for a System Environment Variable:

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /v MYVAR /t REG_EXPAND_SZ /d MyValue

or to the User Environment Variables like so:

reg add HKCU\Environment /v MYVAR /t REG_EXPAND_SZ /d MyValue

The drawback here is that the variables, though written to registry, are not read until the next login for all I can see. A new CMD window shows no trace of them until the user re-logs-in.


Login Script WSH VBS File

Windows Server 2000, 2003, 2008

With a Visual Basic Script (VBS) login script, you can use a more programmatic method to access the environment variables. This is looking like my most viable approach. This example would append to the end of PATH.

Set WSHShell = WScript.CreateObject("WScript.Shell")
Set WshEnv = WshShell.Environment("SYSTEM")
WshEnv("Path") = WshEnv("Path") & ";M:\DB\whatever\"

This example would just set the variable.

Set WSHShell = WScript.CreateObject("WScript.Shell")
Set WshEnv = WshShell.Environment("SYSTEM")
WshEnv("MYVAR") = "MyNewValue"

This approach yields variables that are immediately available via a CMD window. No reboot is required like the batch file registry writes.


ADM File

Windows Server 2000, 2003, 2008

ADM files are a way to expose custom functionality of settings to the Group Policy Editor. It seems tricky to get them installed and visible on the domain controller so I'm jumping over this option.

Microsoft Support TechNet Reference on ADM File Locations.
Another article about ADM files and using them to set Registry settings.
Tom's Hardware on ADM Files.

---- set.adm ---- 
CLASS MACHINE 
CATEGORY "Environment" 
POLICY "Self dfined variables" 
KEYNAME "SYSTEM\CurrentControlSet\Control\Session Manager\Environment" 
PART "Set MyVar1 =" EDITTEXT 
DEFAULT "MyValue1" 
VALUENAME MyVar1 ; EXPANDABLETEXT 
; add expandabletext if it can contain Variables itself 
END PART 
END POLICY 
END CATEGORY 
---- set.adm ----


Group Policy Preferences (GPP)

Windows Server 2008

Windows Server 2008 has a new feature called the Environment Extensions for the Group Policy Preferences. It allows you to conveniently set what otherwise required complex batch scripts. The new items exposed include registry values, environment variables, and more. A quick how-to guide is available here.

I can't use this option because my clients don't have Windows Server 2008.


Summary

Please tell me based on your experiences as Windows Administrators which of these works best and why. I'm just a desktop developer, and need an admin's insight.

Related Solutions

Windows – How to you find and replace text in a file using the Windows command-line environment

A lot of the answers here helped point me in the right direction, however none were suitable for me, so I am posting my solution.

I have Windows 7, which comes with PowerShell built-in. Here is the script I used to find/replace all instances of text in a file:

powershell -Command "(gc myFile.txt) -replace 'foo', 'bar' | Out-File -encoding ASCII myFile.txt"

To explain it:

  • powershell starts up powershell.exe, which is included in Windows 7
  • -Command "... " is a command line arg for powershell.exe containing the command to run
  • (gc myFile.txt) reads the content of myFile.txt (gc is short for the Get-Content command)
  • -replace 'foo', 'bar' simply runs the replace command to replace foo with bar
  • | Out-File myFile.txt pipes the output to the file myFile.txt
  • -encoding ASCII prevents transcribing the output file to unicode, as the comments point out

Powershell.exe should be part of your PATH statement already, but if not you can add it. The location of it on my machine is C:\WINDOWS\system32\WindowsPowerShell\v1.0

Update
Apparently modern windows systems have PowerShell built in allowing you to access this directly using

(Get-Content myFile.txt) -replace 'foo', 'bar' | Out-File -encoding ASCII myFile.txt
Windows – How to shutdown, restart, or log off Windows via a bat file

The most common ways to use the shutdown command are:

  • shutdown -s — Shuts down.
  • shutdown -r — Restarts.
  • shutdown -l — Logs off.

  • shutdown -h — Hibernates.

    Note: There is a common pitfall wherein users think -h means "help" (which it does for every other command-line program... except shutdown.exe, where it means "hibernate"). They then run shutdown -h and accidentally turn off their computers. Watch out for that.

  • shutdown -i — "Interactive mode". Instead of performing an action, it displays a GUI dialog.

  • shutdown -a — Aborts a previous shutdown command.

The commands above can be combined with these additional options:

  • -f — Forces programs to exit. Prevents the shutdown process from getting stuck.
  • -t <seconds> — Sets the time until shutdown. Use -t 0 to shutdown immediately.
  • -c <message> — Adds a shutdown message. The message will end up in the Event Log.

  • -y — Forces a "yes" answer to all shutdown queries.

    Note: This option is not documented in any official documentation. It was discovered by these StackOverflow users.

I want to make sure some other really good answers are also mentioned along with this one. Here they are in no particular order.

  • The -f option from JosephStyons
  • Using rundll32 from VonC
  • The Run box from Dean
  • Remote shutdown from Kip
Related Question
  • Windows – Remove quotes from named environment variables in Windows scripts
  • Bash – How to declare and use Boolean variables in a shell script
  • Bash – How to set the current working directory to the directory of the script in Bash
  • Windows – Setting a system environment variable from a Windows batch file
  • Application deployment through GPO fails on Windows 10