Configuring PowerShell Execution Policy with Group Policy
In this lecture, we are going to configure our Script Execution with Group Policy.
Now, first I want to talk about what Script Execution Policies, also known as Execution Policies, are.
These are policies that are designed to assist users. So, users assign basic rules, and the Execution Policies are designed to prevent users from unintentionally violating those rules.
So, Script Execution, contrary to what you might think, is NOT a security system, and it can be easily bypassed.
So, with that being said, I am going to hop to my server IPDC01, and I am going to show you how to configure a Group Policy Object so that we can execute scripts.
What I am going to do is open the PowerShell ISE by clicking on the lower-hand side of the screen, and I am going to type powershell. Next, I am going to select the Windows PowerShell ISE.
Here I am going to type a simple command like:
And, I am going to click the Run button up here. We can see that it successfully completes the script.
And you’ll notice there’s a * next to the name in the tab: Untitled1.ps1*. This means we have unsaved changes. So what I am going to do is save the script by clicking File > Save.
And, I will just save it to my Desktop and will leave it named Untitled1 and click Save.
So, now we have our script saved. If I click the Play button, now we are going to get an error.
And, it is saying, it cannot be loaded because running scripts is disabled on this system.
One thing to keep in mind is that you can write out your scripts here as much as you want, but the second that you save them, or if you are working with a file, the script is going to fail. So, this is not designed to prevent you from writing a set of instructions and executing them, it is just to keep you from running scripts that you don’t want to run.
So, here in PowerShell at the bottom, if we type Get-ExecutionPolicy -List we can get a list of all the execution policies that are on this machine.
So, here we can see they are all Undefined. If something is undefined, it defaults to the value of Restricted.
So, what this is telling me is that I don’t have any kind of Group Policy object telling my computer whether it should or it should not allow you to execute scripts, so therefore my computer is defaulting to not allowing me to run scripts.
Now, if you see some settings inside of this list you can check to see if it's Group Policy, and I’ll cover that in a second.
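The check described above, as an added example that is not part of the original lecture: it walks the output of Get-ExecutionPolicy -List in PowerShell's precedence order (MachinePolicy, UserPolicy, Process, CurrentUser, LocalMachine) and reports which scope decides the effective policy and whether that scope is set by Group Policy. The function name Get-ExecutionPolicySource and the sample rows are assumptions made for illustration.

```powershell
# Added example: find the scope that decides the effective execution policy.
function Get-ExecutionPolicySource {
    [CmdletBinding()]
    param(
        # Objects with Scope and ExecutionPolicy properties, in the shape that
        # Get-ExecutionPolicy -List returns. If nothing is piped in, the live
        # values on this machine are used.
        [Parameter(ValueFromPipeline = $true)]
        [object[]]$PolicyList
    )
    begin   { $rows = @() }
    process { if ($PolicyList) { $rows += $PolicyList } }
    end {
        if ($rows.Count -eq 0) { $rows = Get-ExecutionPolicy -List }

        # Highest precedence first; the two *Policy scopes come from Group Policy.
        $precedence = 'MachinePolicy', 'UserPolicy', 'Process', 'CurrentUser', 'LocalMachine'
        $gpoScopes  = 'MachinePolicy', 'UserPolicy'

        foreach ($scope in $precedence) {
            $row = $rows | Where-Object { "$($_.Scope)" -eq $scope } | Select-Object -First 1
            if ($row -and "$($row.ExecutionPolicy)" -ne 'Undefined') {
                # The first defined scope wins; lower scopes are ignored.
                return [pscustomobject]@{
                    EffectivePolicy  = "$($row.ExecutionPolicy)"
                    DecidingScope    = $scope
                    SetByGroupPolicy = ($gpoScopes -contains $scope)
                }
            }
        }
        # Every scope is Undefined: the fallback the lecture describes.
        [pscustomobject]@{
            EffectivePolicy  = 'Restricted'
            DecidingScope    = 'None (default)'
            SetByGroupPolicy = $false
        }
    }
}

# Constructed sample: a GPO sets MachinePolicy, a local admin set LocalMachine.
$sample = @(
    [pscustomobject]@{ Scope = 'MachinePolicy'; ExecutionPolicy = 'Unrestricted' }
    [pscustomobject]@{ Scope = 'UserPolicy';    ExecutionPolicy = 'Undefined' }
    [pscustomobject]@{ Scope = 'Process';       ExecutionPolicy = 'Undefined' }
    [pscustomobject]@{ Scope = 'CurrentUser';   ExecutionPolicy = 'Undefined' }
    [pscustomobject]@{ Scope = 'LocalMachine';  ExecutionPolicy = 'RemoteSigned' }
)
$sample | Get-ExecutionPolicySource   # MachinePolicy decides; SetByGroupPolicy is True
Get-ExecutionPolicySource             # same check against this machine's live values
```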
So, let’s go ahead and create a Group Policy Object and let’s allow our MachinePolicy and UserPolicy Unrestricted access to run these scripts.
So, I am going to switch over to Server Manager and I am going to click on Tools on the upper right-hand corner of the screen and I am going to choose Group Policy Management.
Here I have my domain instructorpaul.com expanded and I have my Organizational Units here. What I am going to do is create a GPO, and the placement of this GPO is very important because we are going to be configuring a Computer Setting. So, it needs to be linked to an OU that contains the target computers.
So, if I want to allow script execution only on my Domain Controllers, I would create the GPO under the Domain Controllers Organizational Unit. If I had an OU under instructorpaul.com like Domain Workstations, I could create the GPO there and it would only allow script execution on my Domain Workstations.