Snapin PowerShell Script Can't Run (Execution Policy)
-
Hi all,
I’m trying to run a PowerShell script that renames the local administrator account after a PC has been imaged through the FOG snapin. However, I run into the issue of it not running because the execution policy isn’t set to remote signed. How would I go about ensuring it can run when the FOG service starts?
Any help with this would be appreciated. -
If you use the powershell template when you create a new snapin, it already has execution policy bypass in the arguments for you.
-
While this doesn’t directly answer your question, the answer may be close to what you need.
In MDT for Win10 we use this run command line TS to launch a PS to remove the unwanted windows Apps. This script does need the execution bypass set. This will work if the user that is executing the script is running as a local admin.
powershell.exe -ExecutionPolicy Bypass -Command "Copy-Item '%SCRIPTROOT%\gRemove-Win10-CrapApps.ps1' -destination %temp%; %temp%\gRemove-Win10-CrapApps.ps1; Remove-Item %temp%\*.ps1 -Force"Now we also rename the local admin account but we do it this way:
wmic useraccount where name='administrator' rename <notRealAdmin_name> net localgroup administrators <notRealAdmin_name> /addAnd then for good measure we create a new user account with the name of ‘administrator’ , set a complex password and then disable the account. It’s not clear if it adds any level of security to our design, but we do audit against the use/attempted login of ‘administrator’ on the local workstations.
-
@george1421, @Wayne-Workman 's response is the correct answer. We already take into account execution policies with our snapin templates.
-
I use a slightly alternative method personally, where I run the powershell command from a batch script, which requires a slightly different approach.
Example:
powershell -Command "& {Set-ExecutionPolicy RemoteSigned; Import-Module PSWindowsUpdate; Get-WUInstall}"