“Turn on script execution” group policy setting missing

Want to configure PowerShell Remote Execution policy via Group Policy? Gone into the Group Policy Management snap-in only to find that the mythical “Turn on script execution” setting isn’t there? You’re probably using ADMX files. When you create the PolicyDefinitions share, Windows stops using the built-in settings and only uses the files inside this folder – that’s why you have to download ADMX files for Windows.

Despite this download claiming that it includes policy for PowerShell 3.0, it doesn’t, and MS don’t provide any other ADMX files for PowerShell. This download is an ADM file, which is no good to you.

Thanks to colonbackslash, you can create these files to recreate the missing policy entry.

Download these two files:
PowerShellExecutionPolicy.adml
PowerShellExecutionPolicy.admx

The ADMX file contains the settings and goes in PolicyDefinitions.
The ADML file contains the description of the settings and goes in PolicyDefinitions\en-us.

In case the files disappear, here is their content.

PolicyDefinitions\PowerShellExecutionPolicy.admx:

<policyDefinitions revision="1.0" schemaVersion="1.0">
  <policyNamespaces>
    <target prefix="fullarmor" namespace="FullArmor.Policies.3D487121_F89A_4576_AE77_46A7674B3102" />
    <using prefix="windows" namespace="Microsoft.Policies.Windows" />
  </policyNamespaces>
  <supersededAdm fileName="C:\Users\jbullock\Desktop\PowerShellExecutionPolicy.adm" />
  <resources minRequiredRevision="1.0" />
  <supportedOn>
    <definitions>
      <definition name="SUPPORTED_XP" displayName="$(string.SUPPORTED_XP)" />
      <definition name="SUPPORTED_NotSpecified" displayName="$(string.ADMXMigrator_NoSupportedOn)" />
    </definitions>
  </supportedOn>
  <categories>
    <category name="WindowsComponents" displayName="$(string.WindowsComponents)" />
    <category name="PowerShell" displayName="$(string.PowerShell)">
      <parentCategory ref="WindowsComponents" />
    </category>
  </categories>
  <policies>
    <policy name="EnableScripts" class="Machine" displayName="$(string.EnableScripts)" explainText="$(string.EnableScripts_Explain)" presentation="$(presentation.EnableScripts)" key="Software\Policies\Microsoft\Windows\PowerShell" valueName="EnableScripts">
      <parentCategory ref="PowerShell" />
      <supportedOn ref="SUPPORTED_XP" />
      <elements>
        <enum id="ExecutionPolicy" valueName="ExecutionPolicy" required="true">
          <item displayName="$(string.AllScriptsSigned)">
            <value>
              <string>AllSigned</string>
            </value>
          </item>
          <item displayName="$(string.RemoteSignedScripts)">
            <value>
              <string>RemoteSigned</string>
            </value>
          </item>
          <item displayName="$(string.AllScripts)">
            <value>
              <string>Unrestricted</string>
            </value>
          </item>
        </enum>
      </elements>
    </policy>
    <policy name="EnableScripts_1" class="User" displayName="$(string.EnableScripts)" explainText="$(string.EnableScripts_Explain)" presentation="$(presentation.EnableScripts_1)" key="Software\Policies\Microsoft\Windows\PowerShell" valueName="EnableScripts">
      <parentCategory ref="PowerShell" />
      <supportedOn ref="SUPPORTED_XP" />
      <elements>
        <enum id="ExecutionPolicy" valueName="ExecutionPolicy" required="true">
          <item displayName="$(string.AllScriptsSigned)">
            <value>
              <string>AllSigned</string>
            </value>
          </item>
          <item displayName="$(string.RemoteSignedScripts)">
            <value>
              <string>RemoteSigned</string>
            </value>
          </item>
          <item displayName="$(string.AllScripts)">
            <value>
              <string>Unrestricted</string>
            </value>
          </item>
        </enum>
      </elements>
    </policy>
  </policies>
</policyDefinitions>

PolicyDefinitions\en-us\PowerShellExecutionPolicy.adml:

<policyDefinitions revision="1.0" schemaVersion="1.0">
  <policyNamespaces>
    <target prefix="fullarmor" namespace="FullArmor.Policies.3D487121_F89A_4576_AE77_46A7674B3102" />
    <using prefix="windows" namespace="Microsoft.Policies.Windows" />
  </policyNamespaces>
  <supersededAdm fileName="C:\Users\jbullock\Desktop\PowerShellExecutionPolicy.adm" />
  <resources minRequiredRevision="1.0" />
  <supportedOn>
    <definitions>
      <definition name="SUPPORTED_XP" displayName="$(string.SUPPORTED_XP)" />
      <definition name="SUPPORTED_NotSpecified" displayName="$(string.ADMXMigrator_NoSupportedOn)" />
    </definitions>
  </supportedOn>
  <categories>
    <category name="WindowsComponents" displayName="$(string.WindowsComponents)" />
    <category name="PowerShell" displayName="$(string.PowerShell)">
      <parentCategory ref="WindowsComponents" />
    </category>
  </categories>
  <policies>
    <policy name="EnableScripts" class="Machine" displayName="$(string.EnableScripts)" explainText="$(string.EnableScripts_Explain)" presentation="$(presentation.EnableScripts)" key="Software\Policies\Microsoft\Windows\PowerShell" valueName="EnableScripts">
      <parentCategory ref="PowerShell" />
      <supportedOn ref="SUPPORTED_XP" />
      <elements>
        <enum id="ExecutionPolicy" valueName="ExecutionPolicy" required="true">
          <item displayName="$(string.AllScriptsSigned)">
            <value>
              <string>AllSigned</string>
            </value>
          </item>
          <item displayName="$(string.RemoteSignedScripts)">
            <value>
              <string>RemoteSigned</string>
            </value>
          </item>
          <item displayName="$(string.AllScripts)">
            <value>
              <string>Unrestricted</string>
            </value>
          </item>
        </enum>
      </elements>
    </policy>
    <policy name="EnableScripts_1" class="User" displayName="$(string.EnableScripts)" explainText="$(string.EnableScripts_Explain)" presentation="$(presentation.EnableScripts_1)" key="Software\Policies\Microsoft\Windows\PowerShell" valueName="EnableScripts">
      <parentCategory ref="PowerShell" />
      <supportedOn ref="SUPPORTED_XP" />
      <elements>
        <enum id="ExecutionPolicy" valueName="ExecutionPolicy" required="true">
          <item displayName="$(string.AllScriptsSigned)">
            <value>
              <string>AllSigned</string>
            </value>
          </item>
          <item displayName="$(string.RemoteSignedScripts)">
            <value>
              <string>RemoteSigned</string>
            </value>
          </item>
          <item displayName="$(string.AllScripts)">
            <value>
              <string>Unrestricted</string>
            </value>
          </item>
        </enum>
      </elements>
    </policy>
  </policies>
</policyDefinitions>
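
An ADML resource file has the root element policyDefinitionResources and has to define every $(string.…) and $(presentation.…) id that the ADMX references. The PowerShell below is an added example, not one of the original files: it holds such a resource file for the ADMX above, checks that no referenced id is missing, and only then writes it to the en-us folder. The $store path and all display texts are constructed for illustration; the ids are the ones the ADMX on this page uses.

```powershell
# Added example. $store is an assumed path; the display texts are constructed.
$store = '\\example.test\SYSVOL\example.test\Policies\PolicyDefinitions'
$adml = @'
<?xml version="1.0" encoding="utf-8"?>
<policyDefinitionResources revision="1.0" schemaVersion="1.0"
    xmlns="http://schemas.microsoft.com/GroupPolicy/2006/07/PolicyDefinitions">
  <displayName>PowerShell execution policy</displayName>
  <description>Resources for PowerShellExecutionPolicy.admx</description>
  <resources>
    <stringTable>
      <string id="SUPPORTED_XP">At least Microsoft Windows XP</string>
      <string id="ADMXMigrator_NoSupportedOn">Not specified</string>
      <string id="WindowsComponents">Windows Components</string>
      <string id="PowerShell">Windows PowerShell</string>
      <string id="EnableScripts">Turn on script execution</string>
      <string id="EnableScripts_Explain">Sets which scripts PowerShell may run.</string>
      <string id="AllScriptsSigned">Allow only signed scripts</string>
      <string id="RemoteSignedScripts">Allow local scripts and remote signed scripts</string>
      <string id="AllScripts">Allow all scripts</string>
    </stringTable>
    <presentationTable>
      <presentation id="EnableScripts">
        <dropdownList refId="ExecutionPolicy" noSort="true">Execution Policy</dropdownList>
      </presentation>
      <presentation id="EnableScripts_1">
        <dropdownList refId="ExecutionPolicy" noSort="true">Execution Policy</dropdownList>
      </presentation>
    </presentationTable>
  </resources>
</policyDefinitionResources>
'@

# Collect the ids this resource file defines, prefixed the way the ADMX refers to them.
$res  = ([xml]$adml).policyDefinitionResources.resources
$have = @($res.stringTable.string | ForEach-Object { "string.$($_.id)" }) +
        @($res.presentationTable.presentation | ForEach-Object { "presentation.$($_.id)" })

# Every string or presentation reference in the ADMX must have a matching id above.
$admx = Get-Content -LiteralPath (Join-Path $store 'PowerShellExecutionPolicy.admx') -Raw
$missing = [regex]::Matches($admx, '\$\(((?:string|presentation)\.[^)]+)\)') |
    ForEach-Object { $_.Groups[1].Value } | Sort-Object -Unique |
    Where-Object { $have -notcontains $_ }
if ($missing) { throw "ADML is missing: $($missing -join ', ')" }

# Write the resource file only once the check passes.
Set-Content -LiteralPath (Join-Path $store 'en-us\PowerShellExecutionPolicy.adml') -Value $adml -Encoding UTF8
```

The dropdownList refId has to equal the enum id in the ADMX (ExecutionPolicy), otherwise the setting opens without its drop-down.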
