We have some Nagios checks that connect to a Windows server and run a script. This script is not signed, and our admin had set the script execution policy for the server, about a year ago, to... unrestricted I believe. Whatever policy is the least secure.
What's happening now (this is an Exchange server FYI) is that at least once a day, the execution policy is being changed such that our Nagios check breaks. Our Windows admin goes to manually force the policy back to unrestricted, but the same thing happens.
Now, I don't really care or have the knowledge to get into a debate about whether this is or isn't good for security. But what our admin was wondering, and I am too, is how we can identify what is changing the policy "out from under us", and put an end to it?
After all, who's to say we don't change our minds to go with a more secure policy, only to have THAT one yanked out from under us.
Any insight is greatly appreciated. Let me know if I can track down any other helpful details.
Execution policies are not a security system, so the change could have been made by anyone with admin rights or via group policy. The simplest way to prevent scripts from being broken by the security policy is to use the bypass execution policy when invoking the script. E.g.:
powershell -executionpolicy bypass -file .\myscriptfile.ps1
For more details see PowerShell.exe Console Help
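One way to tell apart the two sources named in the answer (Group Policy versus someone with admin rights), as an added example that is not part of the original answer. It assumes Windows PowerShell 5.1; the log path and the `Get-PolicyValue` helper are constructed for illustration.

```powershell
# Added example. Run elevated, ideally from a scheduled task, so that each run
# appends one row and the log shows when the policy flipped.
$logPath = 'C:\Temp\execpolicy-log.csv'   # constructed path, adjust as needed

# Persistent scopes in the order PowerShell evaluates them: first defined wins.
# The Process scope is left out on purpose, because this logger may itself be
# started with -ExecutionPolicy Bypass, which would mask the stored setting.
$precedence = 'MachinePolicy', 'UserPolicy', 'CurrentUser', 'LocalMachine'
$scopes = Get-ExecutionPolicy -List

$winner = $null
foreach ($name in $precedence) {
    $entry = $scopes | Where-Object { $_.Scope -eq $name }
    if ($entry -and $entry.ExecutionPolicy -ne 'Undefined') { $winner = $entry; break }
}

# Registry values behind the two machine-wide scopes.
$gpoKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'
$localKey = 'HKLM:\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell'

function Get-PolicyValue([string]$Path) {
    # Hypothetical helper: returns the stored value, or a marker if it is absent.
    $p = Get-ItemProperty -Path $Path -Name ExecutionPolicy -ErrorAction SilentlyContinue
    if ($p) { $p.ExecutionPolicy } else { '(not set)' }
}

# MachinePolicy and UserPolicy can only be populated by Group Policy.
$source = if (-not $winner) { 'No scope defined (built-in default applies)' }
          elseif ($winner.Scope -in 'MachinePolicy', 'UserPolicy') { 'Group Policy' }
          else { 'Set-ExecutionPolicy or a direct registry edit' }

$row = [pscustomobject]@{
    Time             = (Get-Date).ToString('s')
    WinningScope     = if ($winner) { $winner.Scope } else { 'None' }
    EffectivePolicy  = if ($winner) { $winner.ExecutionPolicy } else { 'Default' }
    LikelySource     = $source
    GpoRegistryValue = Get-PolicyValue $gpoKey
    LocalMachineReg  = Get-PolicyValue $localKey
}

$row | Export-Csv -Path $logPath -Append -NoTypeInformation
$row | Format-List
```

If the winning scope is MachinePolicy or UserPolicy, `gpresult /h report.html` on the server lists the applied GPOs; the setting to look for is "Turn on Script Execution" under Administrative Templates > Windows Components > Windows PowerShell.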