Monday, April 25, 2016

PowerShell: BATCH Script to Allow PowerShell Scripts to Execute

For some SysAdmins, they will use one or more tools to deploy software to a range of computers on their network. For me, it our monitoring tool that allows are to remote execute scripts to do some sort of task.

Writing in PowerShell is amazing and is Microsoft's best yet command line tool. However by default for security purposes, script execuition is blocked for untrusted or unsigned scripts.

I won't go into Signing scripts just now but using the following command will allow you to run PowerShell Scripts

Set-ExecutionPolicy -RemoteSigned

This line still provides a level of protection while still allwoing you to execute custom scripts. Other switches include -bypass and -unrestricted.

So how can we get a large number of these set?

There are a number of ways:
  1. Group Policy
  2. Batch Script
The reason for me writing this BATCH Script is that it allows me to deploy and run on a computer regardless of the Domain it is joined to.

Copy and paste this code into a text file called SetExecutionPolicy.bat and then Save.

This script also creates entries into the Windows Event Viewer to tell you if and when the command has been executed, or if it failed to run.



@echo off

REM -------------------------------------------------------------
REM       Set-ExecutionPolicy RemoteSigned for Powershell
REM          Date: 10-Spet-2015
REM        Author: Daniel Burrowes
REM -------------------------------------------------------------



Echo Setting PowerShell Execution Policy for RemoteSigned

PowerShell.exe Set-ExecutionPolicy RemoteSigned

IF %ERRORLEVEL% NEQ 0 goto ERROR    

EVENTCREATE /T INFORMATION /L APPLICATION /ID 100 /D "PowerShell Execution Policy has been set to RemoteSigned"
GOTO DONE

:ERROR 

EVENTCREATE /T ERROR /L APPLICATION /ID 100 /D "PowerShell ExecutionPolicy batch script failed to run." 


:DONE

Echo Done!

EXIT

No comments:

Post a Comment