The documents say that the default execution policy of Powershell is
"Restricted". But it appears to me that whey you install Exchange server
2007, the policy is changed to "RemoteSigned". Is that correct? If so, how
can I run Exchange PS1 scripts with default security policy of PS. Thanks.

RD wrote:

> The documents say that the default execution policy of Powershell is
> "Restricted". But it appears to me that whey you install Exchange server
> 2007, the policy is changed to "RemoteSigned". Is that correct? If so, how
> can I run Exchange PS1 scripts with default security policy of PS. Thanks.

The default execution policy is 'restricted'. With that policy, you
won't be able to run scripts at all.

You need to determine what your security policy for writing and running
scripts will get.

Check out:
get-executionpolicy
and
set-executionpolicy

To set the default PS policy:
PSH> set-executionpolicy restricted

Marco

--
Microsoft MVP - Windows PowerShell
http://www.microsoft.com/mvp

PowerGadgets MVP
http://www.powergadgets.com/mvp

Blog:
http://marcoshaw.blogspot.com

But doing that, setting policy to "RemoteSigned", wouldn't compromise the
security? My basic question is how I would I run Exchange PS scripts in
background, like from win32 service or as scheduled job. Here are the options
I see but each has its drawbacks.
- Set the execution policy to "RemoteSigned" before running the scripts and
reset back to "restricted".
- If I set the policy to "AllSigned", I can't run as win32 service because
there will be a prompt.

I was wondering is there a better way to run the PS scripts as win32 service
without changing the default policy of powershell. Is creating new runspace
or shell would help? I'm new to Powershell and looking for some ideas.

RD

"Marco Shaw [MVP]" wrote:

> RD wrote:

> > The documents say that the default execution policy of Powershell is
> > "Restricted". But it appears to me that whey you install Exchange server
> > 2007, the policy is changed to "RemoteSigned". Is that correct? If so, how
> > can I run Exchange PS1 scripts with default security policy of PS. Thanks.

>
> The default execution policy is 'restricted'. With that policy, you
> won't be able to run scripts at all.
>
> You need to determine what your security policy for writing and running
> scripts will get.
>
> Check out:
> get-executionpolicy
> and
> set-executionpolicy
>
> To set the default PS policy:
> PSH> set-executionpolicy restricted
>
> Marco
>
> --
> Microsoft MVP - Windows PowerShell
> http://www.microsoft.com/mvp
>
> PowerGadgets MVP
> http://www.powergadgets.com/mvp
>
> Blog:
> http://marcoshaw.blogspot.com
>

http://blogs.technet.com/haroldwong/...-02-14-07.aspx

This Microsoft blog article states that the default execution policy of
Exchange Management shell is "RemoteSigned". I think that allow any 3rd party
scripts (using C:/Program Files/Microsoft/Exchange Server/bin/exshell.psc1
option) to run from win32 serivce.

"Marco Shaw [MVP]" wrote:

> RD wrote:

> > The documents say that the default execution policy of Powershell is
> > "Restricted". But it appears to me that whey you install Exchange server
> > 2007, the policy is changed to "RemoteSigned". Is that correct? If so, how
> > can I run Exchange PS1 scripts with default security policy of PS. Thanks.

>
> The default execution policy is 'restricted'. With that policy, you
> won't be able to run scripts at all.
>
> You need to determine what your security policy for writing and running
> scripts will get.
>
> Check out:
> get-executionpolicy
> and
> set-executionpolicy
>
> To set the default PS policy:
> PSH> set-executionpolicy restricted
>
> Marco
>
> --
> Microsoft MVP - Windows PowerShell
> http://www.microsoft.com/mvp
>
> PowerGadgets MVP
> http://www.powergadgets.com/mvp
>
> Blog:
> http://marcoshaw.blogspot.com
>

RD wrote:

> But doing that, setting policy to "RemoteSigned", wouldn't compromise the
> security? My basic question is how I would I run Exchange PS scripts in
> background, like from win32 service or as scheduled job. Here are the options
> I see but each has its drawbacks.
> - Set the execution policy to "RemoteSigned" before running the scripts and
> reset back to "restricted".
> - If I set the policy to "AllSigned", I can't run as win32 service because
> there will be a prompt.
>
> I was wondering is there a better way to run the PS scripts as win32 service
> without changing the default policy of powershell. Is creating new runspace
> or shell would help? I'm new to Powershell and looking for some ideas.

I'll read a bit on that in the next day or so. I wasn't aware Exchange
had a different default policy.

For starters, you shouldn't be considering running a PS script as a
service. PS isn't really useful/designed for that.

A scheduled job is a much better fit.

Marco


--
Microsoft MVP - Windows PowerShell
http://www.microsoft.com/mvp

PowerGadgets MVP
http://www.powergadgets.com/mvp

Blog:
http://marcoshaw.blogspot.com

Isn't that the only option to port existing Excahnge 2003 service application
using VB script and COM client program to port to Exchange 2007?


"Marco Shaw [MVP]" wrote:

> I'll read a bit on that in the next day or so. I wasn't aware Exchange
> had a different default policy.
>
> For starters, you shouldn't be considering running a PS script as a
> service. PS isn't really useful/designed for that.
>
> A scheduled job is a much better fit.
>
> Marco
>
>
> --
> Microsoft MVP - Windows PowerShell
> http://www.microsoft.com/mvp
>
> PowerGadgets MVP
> http://www.powergadgets.com/mvp
>
> Blog:
> http://marcoshaw.blogspot.com
>

RD wrote:

> Isn't that the only option to port existing Excahnge 2003 service application
> using VB script and COM client program to port to Exchange 2007?

I don't know that much about Exchange, so I'll have to do some research...

Marco

--
Microsoft MVP - Windows PowerShell
http://www.microsoft.com/mvp

PowerGadgets MVP
http://www.powergadgets.com/mvp

Blog:
http://marcoshaw.blogspot.com

I'm in process of installing Exchange 2007. After I installed PowerShell 1.0
(KB926139) as part of prerequisite, I checked the execution policy through
cmdlet "Get-ExecutionPolicy" and it returns "Restricted". However there is no
value key named "ExecutionPolicy" under
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell". Strange!

"Marco Shaw [MVP]" wrote:

> RD wrote:

> > Isn't that the only option to port existing Excahnge 2003 service application
> > using VB script and COM client program to port to Exchange 2007?

>
> I don't know that much about Exchange, so I'll have to do some research...
>
> Marco
>
> --
> Microsoft MVP - Windows PowerShell
> http://www.microsoft.com/mvp
>
> PowerGadgets MVP
> http://www.powergadgets.com/mvp
>
> Blog:
> http://marcoshaw.blogspot.com
>

I installed Exchange 2007 EE and now Execution policy is "RemoteSigned". The
registry value for it is also created and set to "RemoteSigned". I also
noticed that there a new log file created in EventViwer "PowerShell". Does
any one know how this works.

Thanks.

"RD" wrote:

> I'm in process of installing Exchange 2007. After I installed PowerShell 1.0
> (KB926139) as part of prerequisite, I checked the execution policy through
> cmdlet "Get-ExecutionPolicy" and it returns "Restricted". However there is no
> value key named "ExecutionPolicy" under
> "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell". Strange!
>
> "Marco Shaw [MVP]" wrote:
>

> > RD wrote:

> > > Isn't that the only option to port existing Excahnge 2003 service application
> > > using VB script and COM client program to port to Exchange 2007?

> >
> > I don't know that much about Exchange, so I'll have to do some research...
> >
> > Marco
> >
> > --
> > Microsoft MVP - Windows PowerShell
> > http://www.microsoft.com/mvp
> >
> > PowerGadgets MVP
> > http://www.powergadgets.com/mvp
> >
> > Blog:
> > http://marcoshaw.blogspot.com
> >

Hi RD,

I've put an explanation here:
http://www.leeholmes.com/blog/3rdPar...nPolicies.aspx

--
Lee Holmes [MSFT]
Windows PowerShell Development
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no rights.


"RD" <RD@xxxxxx> wrote in message
news:A9CADFAB-E9B9-4E89-AFA5-556DBBD14D2E@xxxxxx

> The documents say that the default execution policy of Powershell is
> "Restricted". But it appears to me that whey you install Exchange server
> 2007, the policy is changed to "RemoteSigned". Is that correct? If so, how
> can I run Exchange PS1 scripts with default security policy of PS. Thanks.