SQL2K8R2 BPA and Powershell execution settings

It seems there´s another little lesson I have learned.

I try to run the BPA for a few days right now but every time I start the Microsoft Baseline Configuration Analyzer (MBCA), an error message comes up saying that the execution policy is overridden by a policy at a more specific scope. I have also made an entry in msdn forum regarding that behaviour.

Today I had a little bit more time to give it another try.

By default, the PS execution policy is set to restricted. Here is a quote from the SQL Server 2008 R2 Best Practice Analyzer Whitepaper:

The PowerShell Execution Policy is set to Restricted by default. To run SQL Server 2008 R2 BPA through the PowerShell command Line, set the policy to RemoteSigned using the below command:

Set-ExecutionPolicy RemoteSigned -f

You can use the command Set-ExecutionPolicy Restricted –f to set the execution policy back to restricted. This command is not required when executing the scan through the MBCA GUI.”

In the environment I want to use the BPA a group policy sets the execution policy to unrestricted for both, machine policy and user policy. I suppose that is already my “issue” why I cannot run the MBCA.

Imagine the “order” of the different execution scopes:

                  Scope    ExecutionPolicy
                  -----    ---------------
          MachinePolicy          Unrestricted
             UserPolicy          Unrestricted
                Process          Undefined
            CurrentUser          Unrestricted
           LocalMachine          Unrestricted


So, if I start the MBCA it runs Set-ExecutionPolicy Remotesigned –f in the background. Without defining any scope, the command sets the execution policy for ‘LocalMachine’.

But since there is a gpo which sets the MachinePolicy to unrestricted, “our” command fails with the message “Windows Powershell updated your execution policy successfully, but the setting is overridden by a policy defined at a more specific scope. Due to this override, your shell will retain its current effective execution policy of ‚unrestricted’”

During this week I will try to test different group policy settings. The good thing is: you can run the SQL Server 2K8 R2 BPA from the Powershell. A description can be found in the above mentioned whitepaper.


Über Dirk Hondong

A MS server and ms sql server admin guy from germany. want to improve my skills a little bit, sharing my daily experience
Dieser Beitrag wurde unter SQL Server abgelegt und mit verschlagwortet. Setze ein Lesezeichen auf den Permalink.

Kommentar verfassen

Trage deine Daten unten ein oder klicke ein Icon um dich einzuloggen:


Du kommentierst mit Deinem WordPress.com-Konto. Abmelden /  Ändern )

Google Foto

Du kommentierst mit Deinem Google-Konto. Abmelden /  Ändern )


Du kommentierst mit Deinem Twitter-Konto. Abmelden /  Ändern )


Du kommentierst mit Deinem Facebook-Konto. Abmelden /  Ändern )

Verbinde mit %s