Set-ExecutionPolicy: Can not set execution policy

Hello their maledetos nerds !!! ehehehehe

When trying to run a certain PS script remotely on an Exchange server, I came across the following error message:

. \ UpdateIndexAllMailboxDatabases.ps1: File C: \ Temp \ SCRIPTS \ EXCHANGE \UpdateIndexAllMailboxDatabases.ps1 can not be loaded. The file C: \ Temp \ SCRIPTS \ EXCHANGE \UpdateIndexAllMailboxDatabases.ps1 is not digitally signed. The script will not execute on the system. Please see "get-help about_signing" for more details ..
At line: 1 char: 37

... After a Get-ExecutionPolicy had the RemoteSigned return .There think twice !!! Set-ExecutionPolicy Unrestricted and was returned the following message:

Execution Policy Change
The execution policy helps protect you from scripts That You do not trust. Changing the execution policy might expose you to the security risks described in the help topic at about_Execution_Policies
http://go.microsoft.com/fwlink/?LinkID=135170 . Do you want to change the execution policy?
[Y] Yes [N] No [S] Suspend Help (default is "Y") [?] Y
Set-ExecutionPolicy: Windows PowerShell execution policy successfully updated your, but the setting is overridden by
the policy defined at a more specific scope. Due to the override, your shell will retain its current effective
execution of policy RemoteSigned. Type "Get-ExecutionPolicy -List" to view your execution policy settings.For more
information please see "Get-Help Set-ExecutionPolicy".
At line: 1 char: 1
+ Set-ExecutionPolicy Unrestricted
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo: PermissionDenied: (:) [Set-ExecutionPolicy] SecurityException
+ FullyQualifiedErrorId: ExecutionPolicyOverride, Microsoft.PowerShell.Commands.SetExecutionPolicyCommand

As recommended in the message, I ran the cmdlet to list the policy of execution policy by scope

Get-ExecutionPolicy -List

Scope ExecutionPolicy
- -----
MachinePolicy RemoteSigned
UserPolicy Undefined
Process Undefined
CurrentUser Undefined
LocalMachine RemoteSigned

... Immediately I performed the following Set-ExecutionPolicy -Scope MachinePolicy -executionpolicy Bypass command for the policy to be released ... ops:

Set-ExecutionPolicy: Can not set execution policy. Execution policies at the MachinePolicy or UserPolicy scopes must beset through Group Policy.

To correct this error, we are forced to make this modification directly in season record:

HKLM: \ Software \ Policies \ Microsoft \ Windows \ PowerShell and change the value ExecutionPolicy   toBypass.

By rerunning the command to list the scope for policy, we realize that now really the setting was uncommitted !!

Get-ExecutionPolicy -List

Scope ExecutionPolicy
- -----
MachinePolicy Bypass
UserPolicy Undefined
Process Undefined
CurrentUser Undefined
LocalMachine RemoteSigned

Then I could run my script and they all lived happily ever after!

Verifying GPO Replication

How will my dear readers !!

I am in a constant search for a script that brings me the replication time of Sysvol ... remembering that the environment in question is "Windows Server 2003" as functional mode domain; that is, we only have the ability to replicate the Sysvol with FRS ... who can help ... .eheheheheh

... During this journey, I came across a very cool function called Get-ADGPOReplication filtering results of the cmdlet Get-GPO so we can compare the versions of each GPO Sysvol on all domain DCs !! So we can verify that replication as well as the policy objects are consistent throughout the domain ... I know at this time hit that will thrill cry !!

Below function code:

function Get-ADGPOReplication
{
<#
.SYNOPSIS
This function retrieve one or all the GPO and Their report DSVersions and SysVolVersions (Users and Computers)
.DESCRIPTION
This function retrieve one or all the GPO and Their report DSVersions and SysVolVersions (Users and Computers)
.PARAMETER GPOName
Specify the name of the GPO
All .PARAMETER
Specify That You want to retrieve all the GPO (slow if you have a lot of Domain Controllers)
.EXAMPLE
Get-ADGPOReplication -GPOName "Default Domain Policy"
.EXAMPLE
Get-ADGPOReplication -All
.NOTES
Francois-Xavier Cat
lazywinadm
lazywinadmin.com

VERSION HISTORY
1.0 22/09/2014 Initial version
Adding some more Error Handling
Fix some typo
#>
#requires -version 3
[CmdletBinding ()]
PARAM (
[Parameter (Mandatory = $ True, ParameterSetName = "One")]
[String []] $ GPOName,
[Parameter (Mandatory = $ True, ParameterSetName = "All")]
[Switch] $ All
)
BEGIN
{
TRY
{
if (-not (Get-Module ActiveDirectory -Name)) {Import-Module ActiveDirectory -Name -ErrorAction Stop -ErrorVariable ErrorBeginIpmoAD}
if (-not (Get-Module -Name GroupPolicy)) {Import-Module -Name GroupPolicy -ErrorAction Stop -ErrorVariable ErrorBeginIpmoGP}
}
CATCH
{
Write-Warning -Message "[BEGIN] Something wrong happened"
IF ($ ErrorBeginIpmoAD) {Write-Warning -Message "[BEGIN] Error while Importing the module Active Directory"}
IF ($ ErrorBeginIpmoGP) {Write-Warning -Message "[BEGIN] Error while Importing the module Group Policy"}
Write-Warning -Message "[BEGIN] $ ($ Error [0] .exception.message)"
}
}
PROCESS
{
FOREACH ($ DomainController in ((Get-ADDomainController -ErrorAction Stop -ErrorVariable ErrorProcessGetDC -filter *). Hostname))
{
TRY
{
IF ($ psBoundParameters ['GPOName'])
{
Foreach ($ GPOItem in $ GPOName)
{
$ GPO = Get-GPO -Name $ GPOItem -Server $ DomainController -ErrorAction Stop -ErrorVariable ErrorProcessGetGPO

[PSCustomObject] [ordered] {@
GroupPolicyName = $ GPOItem
DomainController = $ DomainController
UserVersion = $ GPO.User.DSVersion
UserSysVolVersion = $ GPO.User.SysvolVersion
ComputerVersion = $ GPO.Computer.DSVersion
ComputerSysVolVersion = $ GPO.Computer.SysvolVersion
} #PSObject
} #Foreach ($ GPOItem in $ GPOName)
} #IF ($ PsBoundParameters ['GPOName'])
IF ($ psBoundParameters ['All'])
{
$ GPOList = Get-GPO -All -Server $ DomainController -ErrorAction Stop -ErrorVariable ErrorProcessGetGPOAll

foreach ($ GPO in $ GPOList)
{
[PSCustomObject] [ordered] {@
GroupPolicyName = $ GPO.DisplayName
DomainController = $ DomainController
UserVersion = $ GPO.User.DSVersion
UserSysVolVersion = $ GPO.User.SysvolVersion
ComputerVersion = $ GPO.Computer.DSVersion
ComputerSysVolVersion = $ GPO.Computer.SysvolVersion
} #PSObject
}
} #IF ($ PsBoundParameters ['All'])
} #TRY
CATCH
{
Write-Warning -Message "[PROCESS] Something wrong happened"
IF ($ ErrorProcessGetDC) {Write-Warning -Message "[PROCESS] Error while running retrieving Domain Controllers with Get-ADDomainController"}
IF ($ ErrorProcessGetGPO) {Write-Warning -Message "[PROCESS] Error while running Get-GPO"}
IF ($ ErrorProcessGetGPOAll) {Write-Warning -Message "[PROCESS] Error while running Get-GPO -All"}
Write-Warning -Message "[PROCESS] $ ($ Error [0] .exception.message)"
}
} #FOREACH
} #PROCESS
}

1. Create a .ps1 file containing the code above, or download it here
2. Run the script in PS ISE as administrator
3. Run the function !!

We have some syntax options, such as:

To bring the result of a single GPO:

Get-ADGPOReplication -GPOName "Default Domain Policy"

To bring the result of some policies:

Get-ADGPOReplication -GPOName "Default Domain Policy", "Default Domain Controllers Policy"

To bring its results for the All Policies:

Get-ADGPOReplication -All

We can also improve the filters with the following command:

Get-ADGPOReplication -all | Out-GridView -Title "GPO Verify $ (Get-Date)"

... Now we just need to be able to filter the time required for a change in Sysvol, is uncommitted in all domain DC's.

Limiting the size of pst file

A critical point in the administration of any network is the file used to archive e-mail messages from Microsoft Outlook clients, the famous ´ s pst files.

Something critical in administering these important files is the administration of the same size, since a very large PST in addition to causing slowness in searches of messages, the large size can (and probably will) cause corruption of the file.

For Microsoft Outlook 2003 and 2007 (not yet tested in 2010 … .. but I believe that works well) we limit the size of PST by changing registry keys on the workstations.

Here's a link:

http://support.microsoft.com