It seems there's another little lesson I have learned.
I have been trying to run the BPA for a few days now, but every time I start the Microsoft Baseline Configuration Analyzer (MBCA), an error message comes up saying that the execution policy is overridden by a policy at a more specific scope. I have also made an entry in the MSDN forum regarding that behaviour.
Today I had a little bit more time to give it another try.
By default, the PS execution policy is set to restricted. Here is a quote from the SQL Server 2008 R2 Best Practice Analyzer Whitepaper:
“The PowerShell Execution Policy is set to Restricted by default. To run SQL Server 2008 R2 BPA through the PowerShell command Line, set the policy to RemoteSigned using the below command:
Set-ExecutionPolicy RemoteSigned -f
You can use the command Set-ExecutionPolicy Restricted –f to set the execution policy back to restricted. This command is not required when executing the scan through the MBCA GUI.”
In the environment where I want to use the BPA, a group policy sets the execution policy to Unrestricted for both machine policy and user policy. I suppose that is already my “issue” and the reason why I cannot run the MBCA.
Imagine the “order” of the different execution scopes:
Scope            ExecutionPolicy
-----            ---------------
MachinePolicy    Unrestricted
UserPolicy       Unrestricted
Process          Undefined
CurrentUser      Unrestricted
LocalMachine     Unrestricted
So, if I start the MBCA, it runs Set-ExecutionPolicy RemoteSigned –f in the background. Without defining any scope, the command sets the execution policy for ‘LocalMachine’.
But since there is a GPO which sets the MachinePolicy to Unrestricted, “our” command fails with the message “Windows Powershell updated your execution policy successfully, but the setting is overridden by a policy defined at a more specific scope. Due to this override, your shell will retain its current effective execution policy of ‘unrestricted’”
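The scope precedence described above can be checked before anything is changed. The following PowerShell is an added example, not part of the original post or of the MBCA: the function names Get-WinningScope and Test-PolicyChange are hypothetical, the sample list is constructed from the table above, and [pscustomobject] assumes PowerShell 3.0 or later.

```powershell
# Scopes in order of precedence, highest first, as listed by Get-ExecutionPolicy -List.
$precedence = 'MachinePolicy', 'UserPolicy', 'Process', 'CurrentUser', 'LocalMachine'

# Hypothetical helper: return the first scope (by precedence) that is not Undefined.
function Get-WinningScope {
    param([Parameter(Mandatory = $true)] $PolicyList)
    foreach ($scope in $precedence) {
        $entry = $PolicyList | Where-Object { "$($_.Scope)" -eq $scope }
        if ($entry -and "$($entry.ExecutionPolicy)" -ne 'Undefined') { return $entry }
    }
    # Nothing defined at any scope: fall back to the default named in the whitepaper quote.
    [pscustomobject]@{ Scope = 'Default'; ExecutionPolicy = 'Restricted' }
}

# Hypothetical helper: simulate Set-ExecutionPolicy at one scope without writing anything,
# then report which scope would still decide the effective policy.
function Test-PolicyChange {
    param(
        [Parameter(Mandatory = $true)] $PolicyList,
        [Parameter(Mandatory = $true)] [string] $NewPolicy,
        [string] $Scope = 'LocalMachine'   # the scope used when none is given
    )
    $simulated = $PolicyList | ForEach-Object {
        if ("$($_.Scope)" -eq $Scope) {
            [pscustomobject]@{ Scope = "$($_.Scope)"; ExecutionPolicy = $NewPolicy }
        } else { $_ }
    }
    $winner = Get-WinningScope -PolicyList $simulated
    [pscustomobject]@{
        RequestedScope  = $Scope
        RequestedPolicy = $NewPolicy
        EffectivePolicy = "$($winner.ExecutionPolicy)"
        DecidedBy       = "$($winner.Scope)"
        Overridden      = ("$($winner.Scope)" -ne $Scope)
    }
}

# Constructed sample that mirrors the table above (GPO sets both policy scopes).
$sample = @(
    [pscustomobject]@{ Scope = 'MachinePolicy'; ExecutionPolicy = 'Unrestricted' }
    [pscustomobject]@{ Scope = 'UserPolicy';    ExecutionPolicy = 'Unrestricted' }
    [pscustomobject]@{ Scope = 'Process';       ExecutionPolicy = 'Undefined' }
    [pscustomobject]@{ Scope = 'CurrentUser';   ExecutionPolicy = 'Unrestricted' }
    [pscustomobject]@{ Scope = 'LocalMachine';  ExecutionPolicy = 'Unrestricted' }
)
Test-PolicyChange -PolicyList $sample -NewPolicy 'RemoteSigned'

# On a live system, pass the real list instead of the sample:
# Test-PolicyChange -PolicyList (Get-ExecutionPolicy -List) -NewPolicy 'RemoteSigned'
```

For the sample, the result reports Overridden as True with DecidedBy set to MachinePolicy, which corresponds to the "more specific scope" named in the error message.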
During this week I will try to test different group policy settings. The good thing is: you can run the SQL Server 2K8 R2 BPA from PowerShell. A description can be found in the above-mentioned whitepaper.