Video Screencast Help
Scheduled Maintenance: Symantec Connect is scheduled to be down Saturday, April 19 from 10am to 2pm Pacific Standard Time (GMT: 5pm to 9pm) for server migration and upgrade.
Please accept our apologies in advance for any inconvenience this might cause.

Powershell Script Signing

Created: 12 Dec 2013 | 4 comments

I want to make more use of Powershell scripts as tasks to send out to clients but it doesnt work because the scripts are not signed and the execution policy is restricted on the clients. I can sign .ps1 scripts outside of the system but want to be able to make quick tasks etc. without making a seperate .ps1. I have read  that we can run the disable execution policy script before, run the script, then enable again but this seems a pretty stupid way of achieving it and increases the chances of leaving it open. Is there a better way to do it yet?

Comments 4 CommentsJump to latest comment

AngelD's picture

Have you tried with the ExecutionPolicy parameter?

ex.
powershell.exe -ExecutionPolicy Bypass -File .\script.ps1
 

ukDavidC's picture

Well the point is I don't want to run a powershell.exe or .ps1, I want to make use of the built in 'script' task where you can write a script and choose the language, run it and it returns the script output to the console. Otherwise I have to maintain a .ps1 script somewhere else on the network and run it through a command task..

Please don't forget to mark your thread solved with whatever answer helped you : )

DerekEngel's picture

You can open any ps1 file, copy it all and paste it directly into a script task.  Of course you would choose PowerShell in your script task drop down.  The execution policy is something seperate that your and organization need to decide on.  Symantec offers you the ability to create a job, which can include the ability to set the execution policy to unrestricted, execute your script, and then set the execution policy back to restricted.  Is this a bad idea?  Most would probably say so.  What you should be doing is creating a GPO for your organization that will set the execution policies on your endpoints to all signed.  You will then need to sign your scripts, which will be incorporated into your ps1 file.  You then have to open them, copy the contents, and paste them into a script task, with PowerShell as your choice.

AngelD's picture