Set multiple custom %PATH% variables through Group Policy

Robbie Crash

2 min read

I have been trying to figure out how to get all my machines to use the same PATH since it's getting annoying always forgetting that things aren't included on my desktop PATH that are on my laptop, and vice versa.

tl;dr

Since GPOs are one of my major weakspots in Windows administration I've resolved to try to do things like this via GPO just to learn how to use them better. To get this policy set up I had to decide a few things that would impact how the policy was set up.

First, what variables are going to be universal on all Windows boxes I have on my network? This was rather easy as the only executables I need on all my Windows boxes are Cygwin, Python. I want the scripts folder in everyone's profile directory to be added, so I figure I should be able to append:
;C:Python27;C:Cygwinbin;C:cygwinusrbinC;%USERPROFILE%Scripts;
to the system PATH and that should be good enough for the universal PATH additions.

However, turns out Windows won't parse %USERPROFILE% in your system PATH because %USERPROFILE% is evaluated at login, but the system PATH is set before the usermode session begins. So, that means that we have to create a User environment variable for PATH as well. Windows will concatenate the two PATH variables, so this works fine.

I was also going to set some things that are unique to my user account, for example, I need at least the Android SDK and the domain's scripts directory, as well as my personal scripts folder.

So, I'll need one Computer based policy, one User based policy that applies to all domain users, and one that applies to me, because I'm a princess.

  1. Open GPMC
  2. Select your domain
  3. If you're creating a new policy:
    a. Right-Click the OU that you want the policy to apply to
    b. Enter the name for your new GPO
    c. Keep (none) selected for your Source Starter GPO and click OK.
  4. Right-click the policy object and select 'edit'
  5. Go to Computer Configuration > Preferences > Windows Settings > Environment
  6. Right-click > New > Environment Variable
  7. Set the action to Create, a System Variable, check off Path in the checkboxes instead of picking a name and check Partial.

    Otherwise it will replace the whole PATH instead of just appending 8. Set the value to the folders you need added, seperated by semicolons. For example, mine was:

;C:Python27;C:Cygwinbin;C:Cygwinusrbin;

9. Hit Apply, OK and then do GPUpdate /force on the client machine to make sure everything worked.

For the User based PATH:

The first four steps are the same as above, but then:

  1. Pick User Configuration instead of Computer Configuration.
  2. Right-Click and select **New > Environment Variable
  3. Select Create for the Action, User Variable. In the Name field, enter Path.
    For some reason it won't let you click PATH, even though it applies the same user environment variable.
  4. Enter the values you want added to the PATH, for example, my policy "Set All Users Path" contains the value:
`;%USERPROFILE%Scripts;`

9. Hit Apply, OK, then /force a gpupdate on the client machine to make sure everything worked.

To get my princess one, I had to copy the All Users path, and then add my princess requirements since you cannot add to the user variable PATH through additionally GPOs.

Sign up for more like this.

Enter your email
Subscribe