No more hiding in the server room
Do what I want....
And not what I tell you to do!
Pop quiz:
What does the following Powershell script do?
$MachineName = '.'
$reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $MachineName)
$regKey= $reg.OpenSubKey("SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Memory Management",$true)
$regkey.SetValue('PagedPoolSize','FFFFFFFF')
Answer:
Cause pandemonium, as it turns out.
If the registry key already exists, the SetValue method helpfully converts it to the appropriate type (String, Binary Value, Dword, etc). Unfortunately, 'FFFFFFFF' (note the quotes) is a string, not the hex number FFFFFFFF.
Oops.
Windows XP does not like it when that key is not a DWORD. You know all those "don't edit the registry unless you're really sure you know what you're doing or you'll blow up your computer" warnings in Microsoft knowledge base articles? This is a good example of what they mean.
So remember - to err is human, but to really screw things up you need a shell script!
Pop quiz:
What does the following Powershell script do?
$MachineName = '.'
$reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $MachineName)
$regKey= $reg.OpenSubKey("SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Memory Management",$true)
$regkey.SetValue('PagedPoolSize','FFFFFFFF')
Answer:
Cause pandemonium, as it turns out.
If the registry key already exists, the SetValue method helpfully converts it to the appropriate type (String, Binary Value, Dword, etc). Unfortunately, 'FFFFFFFF' (note the quotes) is a string, not the hex number FFFFFFFF.
Oops.
Windows XP does not like it when that key is not a DWORD. You know all those "don't edit the registry unless you're really sure you know what you're doing or you'll blow up your computer" warnings in Microsoft knowledge base articles? This is a good example of what they mean.
So remember - to err is human, but to really screw things up you need a shell script!
Tags: Oops, Powershell, Registry
-
Comment by Elizabeth Ayer on January 20, 2010 at 6:32pm
-
Great post, Jason.
So can you tell us -- what exactly >did< happen in this case? Please, give us all the gory details! What was the end effect, and was there anything that could be done to fix it?
-
Comment by Jason Short on January 21, 2010 at 1:36am -
At least on our workstations, they'll run fine for a few minutes (say, 10 or 20). Just long enough for you check them after a reboot and think that they're running fine.
Shortly, they'll show symptoms of the kernel running out of paged pool memory. Programs won't start, possibly corruption of windows on the screen, and error 2020 will show up in the event log - "Server is unable to allocate memory from the system paged pool".
Fortunately, the fix was relatively easy. Reboot the PCs, delete that registry key and recreate it as a DWORD, then reboot again. Inconvenient, but easier than, say, re-imaging the PC.
Comment
© 2010 Created by Elizabeth Ayer and Michael Francis.
Powered by 
.
You need to be a member of The SysAdmin Network to add comments!
Join The SysAdmin Network