ControlNOW
 
Reset Search
 

 

Article

Error: 'Windows PowerShell updated your execution policy successfully, but the setting is overridden by a policy defined at a more specific scope' when running Powershell scripts through the Advanced Monitoring Agent

« Go Back

Information

 
Answer

PROBLEM

Powershell Scripts on Windows 2008 R2 are returning an error related to the execution policy while run through the Advanced Monitoring Agent. The error shows as follows:

Set-ExecutionPolicy : Windows PowerShell updated your execution policy successfully, but the setting is overridden by a policy defined at a more specific scope. Due to the override, your shell will retain its current effective execution policy of "Unrestricted". Type "Get-ExecutionPolicy -List" to view your execution policy settings. For more information, please see "Get-Help Set-ExecutionPolicy." At line:1 char:49 + $p = Get-ExecutionPolicy; &{ Set-ExecutionPolicy <<<< RemoteSigned }; .\2274 .ps1 -logfile ..\task_122.log; Set-ExecutionPolicy $p; Exit $LASTEXITCODE + CategoryInfo : PermissionDenied: (:) [Set-ExecutionPolicy], SecurityException + FullyQualifiedErrorId : ExecutionPolicyOverride,Microsoft.PowerShell.Commands.SetExecutionPolicyCommand

SOLUTION

For the Local Policy:
  1. Open Local Policy Editor
  2. Browse to Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > Windows Powershell
  3. Enable Turn on Script Execution and set the policy to Allow local scripts and remote signed scripts
For the Group Policy:
  1. Open Group Policy Management Editor
  2. Browse to Computer Configuration > Preferences Windows Settings > Registry
  3. Right click and Create a new registry item:
    • Action: Update Hive: HKEY_LOCAL_MACHINE
    • Key Path: SOFTWARE\Microsoft\PowersShell\1\ShellIds\Microsoft.PowerShell
    • Value name: ExecutionPolicy 
    • Value type:REG_SZ
    • Value data: RemoteSigned
  4. Now create a second registry item that will cover 32-bit Powershell on 64-bit machines:
    • Action: Update Hive: HKEY_LOCAL_MACHINE
    • Key Path: SOFTWARE\Wow6432Node\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell
    • Value name: ExecutionPolicy
    • Value type: REG_SZ
    • Value data: RemoteSigned
  5. On the Common tab, check Item-level targeting and click the Targeting button
  6. Create a new Environment Variable item named PROCESSOR_ARCHITECTURE with a value of AMD64
  7. Verify that only the local settings are being applied and that the preference will reset the value if a user changes it. Run the following powershell commands as an administrator:
    1. PS > Set-ExecutionPolicy Undefined -Force
    2. PS > Get-ExecutionPolicy -List MachinePolicy = Undefined UserPolicy = Undefined Process = Undefined CurrentUser = Undefined LocalMachine = Undefined
    3. PS > gpupdate /force /target: PS> Get-ExecutionPolicy -List MachinePolicy = Undefined UserPolicy = Undefined Process = Undefined CurrentUser = Undefined LocalMachine = RemoteSigned

CAUSE

Power Shell Script Execution is set via a local or Group Policy then this might override script execution permissions, even though the Advanced Monitoring Agent set this at execution time to RemoteSigned for any script.

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255