Error 0xc00ce558 - GPO permanently breaks

[jsdhasfedssad]

Hi,

This tool looks promising but during testing I encountered an error that simply breaks the targeted GPO rendering it unusable for me as a pentester and for my client. The broken GPO cannot even be deleted. This is as you understand really bad and as long as this is not fixed I cannot use your tool. SharpGPOAbuse suffers from the same issue so to me it seems something has changed on the Windows Server side making both tools incompatible.

I whish I could write the specific scenario that triggers this but I have yet to find a pattern. It seems to happen more frequently when things go "wrong". For example when I forget to add the parameter "-f" or when I enter a GPO that does not exist or I do not have write access on. Just keep trying to execute various sheduled tasks and you will eventually get an error in your shell. Once you get that , access your DC and open Group Policy Management. In that, rightclick your targeted GPO and select "Edit...". Then expand "Preferences" under either "Computer Configuration" or "User configuration" depending on what object you are targeting. Finally leftclick "Control Panel Settings" and you will get the below error popup.

[coffeegist]

I have seen this as well, I would say the tool is pretty dangerous without figuring this out, no one likes broken GPOs :)

[Hackndo]

I've tried playing around, I couldn't reproduce... If this happens again, I'd love to have the XML file associated with the GPO \\<DOMAIN>\SYSVOL\<DOMAIN>\Policies\{<ID>}\Machine\Preferences\ScheduledTasks\ScheduledTasks.xml

[jsdhasfedssad]

I tried to reproduce this but I couldn't. I have rebuilt my AD lab which includes a primary and a secondary DC since reporting this so maybe there was some GPO sync issues triggering this?