>> Bill Detwiler: PowerShell can be a handy tool for managing Windows servers. But having to set the execution policy each time you want to run a script on a new server can be a real pain. I'm Bill Detwiler. And during this episode of TR Dojo, I'll show you how to centrally manage PowerShell's script execution settings via Group Policy.
Music
>> This episode of TR Dojo is brought to you by TechRepublic's Guide to Policies and Procedures. This timesaving guide contains over 100 customizable templates and forms. Go to policies.techrepublic.com to get your copy today.
>> Bill Detwiler: PowerShell has four execution policies that determine which scripts, if any, can be run on a computer. They are Restricted, which means that no scripts can be run and that PowerShell can only be used in interactive mode; AllSigned, which allows only scripts signed by a trusted publisher to run; RemoteSigned, which means that downloaded scripts must be signed by a trusted publisher before they will run; and lastly Unrestricted, which allows all Windows PowerShell scripts to be run. To prevent potentially malicious scripts from running, the Restricted policy is the default. Now, for scripts you write yourself, you'll likely need to put the Unrestricted policy in place before you can run them. And you can do this locally using the Set-ExecutionPolicy cmdlet. And once you've set the policy, you can also use the Get-ExecutionPolicy cmdlet to verify that Unrestricted is indeed the active policy.
If you find yourself manually setting the execution policy on new servers each time you need to run a script, Rick Vanover, one of TechRepublic's servers and storage bloggers, suggests that you set the policy centrally using a Group Policy object, which is possible on both Windows Server 2008 and 2003.
To create the GPO, open the Group Policy Management Editor, and navigate to Computer Configuration, Administrative Templates, Windows Components, and Windows PowerShell. Now, once you're here, access the Turn on Script Execution setting, and make sure the Enabled option is selected. Then under the Execution Policy option, choose one of the following: Allow Only Signed Scripts, which is the same as the AllSigned execution policy; Allow Local Scripts and Remote Signed Scripts, now this is the same as the RemoteSigned execution policy; and lastly, Allow All Scripts, which is the equivalent of the Unrestricted execution policy. Now, which policy option you choose will depend on the security needs of the systems you're deploying the policy to.
Now, before I wrap this up, you should know that disabling the Turn on Script Execution policy under Group Policy is the same as setting the Restricted execution policy, and so scripts just won't run. Well, that does it for this episode. For more PowerShell tips and tricks, check out my previous TR Dojo videos on PowerShell and TechRepublic's Servers and Storage blog. And as always, for more teachings on your path to becoming an IT ninja, visit trdojo.techrepublic.com, or you can follow me on Twitter at twitter.com/billdetwiler. Thanks for visiting the TR Dojo.
Silence
Beep
>> Bill Detwiler: I'll show you how to centrally manage PowerShell's script execution ahh -- PowerShell's script execution settings. PowerShell can be a handy ahh -- that sounded kinda loud. PowerShell, hello. Had to say power with power. Is the same as setting the restricted execution policy in ahh -- restricted execution policy -- tongue twister.
==== Transcribed by Automatic Sync Technologies ====