Snapin PowerShell Script Can't Run (Execution Policy)



  • Hi all,
    I’m trying to run a PowerShell script that renames the local administrator account after a PC has been imaged through the FOG snapin. However, I run into the issue of it not running because the execution policy isn’t set to remote signed. How would I go about ensuring it can run when the FOG service starts?
    Any help with this would be appreciated.


  • Moderator

    I use a slightly alternative method personally, where I run the powershell command from a batch script, which requires a slightly different approach.

    Example:

    powershell -Command "& {Set-ExecutionPolicy RemoteSigned; Import-Module PSWindowsUpdate; Get-WUInstall}" 
    

  • Senior Developer

    @george1421, @Wayne-Workman 's response is the correct answer. We already take into account execution policies with our snapin templates.


  • Moderator

    While this doesn’t directly answer your question, the answer may be close to what you need.

    In MDT for Win10 we use this run command line TS to launch a PS to remove the unwanted windows Apps. This script does need the execution bypass set. This will work if the user that is executing the script is running as a local admin.

    powershell.exe -ExecutionPolicy Bypass -Command "Copy-Item '%SCRIPTROOT%\gRemove-Win10-CrapApps.ps1' -destination %temp%; %temp%\gRemove-Win10-CrapApps.ps1; Remove-Item %temp%\*.ps1 -Force"
    

    Now we also rename the local admin account but we do it this way:

    wmic useraccount where name='administrator' rename <notRealAdmin_name>
    net localgroup administrators <notRealAdmin_name> /add
    

    And then for good measure we create a new user account with the name of ‘administrator’ , set a complex password and then disable the account. It’s not clear if it adds any level of security to our design, but we do audit against the use/attempted login of ‘administrator’ on the local workstations.



  • If you use the powershell template when you create a new snapin, it already has execution policy bypass in the arguments for you.


 

506
Online

41.6k
Users

12.1k
Topics

114.4k
Posts