none
Cannot Execute Scripts from UNC Despite GPOs Allowing Me To Do So RRS feed

  • Question

  • Hello! 

    I'm having an issue getting scripts to execute from a UNC share.

    I have followed in instructions in the below two blog postings:

    I have also used Group Policy to set the execution policy to Unrestricted for the MachinePolicy and UserPolicy scopes:

    PS C:\> Get-ExecutionPolicy -List | Ft -AutoSize

            Scope ExecutionPolicy
            ----- ---------------
    MachinePolicy    Unrestricted
       UserPolicy    Unrestricted
          Process       Undefined
      CurrentUser       Undefined
     LocalMachine    RemoteSigned

    Unfortunately, I am still getting the following prompt when executing a script from a remote share:

    \\Server1\Share\Install-Something.ps1 -Parameter1 Value1 -Parameter2 Value2

    Security warning
    Run only scripts that you trust. While scripts from the internet can be useful, this script can potentially harm your
    computer. If you trust this script, use the Unblock-File cmdlet to allow the script to run without this warning
    message. Do you want to run
    \\tlehmann.vcs.coaxis.net\Source\QA_Automation\QA_Repository\Scripts\Installation\AutoBuildv2\Install-AutoBuild.ps1?
    [D] Do not run  [R] Run once  [S] Suspend  [?] Help (default is "D"): r

    I have executed GPRESULT and it states the GPOs are being applied successfully.

    Why am I still getting this prompt? Please help before I go crazy.

    Monday, October 27, 2014 8:45 PM

Answers

  • You set your policy to RemoteSigned which is the recommended relaxed setting.  That will work with classic UNC paths which are included in the local zone.  The long FQDN version is not included by default.  It is seen as a foreign UNC.


    ¯\_(ツ)_/¯

    • Marked as answer by Osomos Monday, October 27, 2014 9:45 PM
    Monday, October 27, 2014 9:03 PM

All replies

  • AS IS ALWAYS THE CASE, ONCE I ASK FOR HELP I FIND AN ANSWER ON MY OWN.

    <FrustratedSquabbling>fhj19387ruasd;lkfj rlkghkushdvas907faihsc</FrustratedSquabbling>

    When I entered the UNC path, I was entering an FQDN and not a NETBios name (e.g. \\Server1.domain.com\Share\Script1.ps1 vs \\Server\Share\Script1.ps1)

    Can someone help me understand WHY the FQDN did this to me?


    PowerShell Extraordinaire - The Toddle

    Monday, October 27, 2014 8:50 PM
  • No reason.  You probably typed it wrong.


    ¯\_(ツ)_/¯

    Monday, October 27, 2014 8:56 PM
  • You set your policy to RemoteSigned which is the recommended relaxed setting.  That will work with classic UNC paths which are included in the local zone.  The long FQDN version is not included by default.  It is seen as a foreign UNC.


    ¯\_(ツ)_/¯

    • Marked as answer by Osomos Monday, October 27, 2014 9:45 PM
    Monday, October 27, 2014 9:03 PM