“Turn on script execution” group policy setting missing

Want to configure PowerShell Remote Execution policy via Group Policy? Gone into the Group Policy Management snap-in to find the mythical “Turn on script execution” setting isn’t there? You’re probably using ADMX files. When you create the PolicyDefinitions share, Windows stops using the built-in settings and only uses what is inside this folder – that’s why you have to download ADMX files for Windows.

Despite this download claiming that it includes policy for PowerShell 3.0, it doesn’t, and MS don’t provide any other ADMX files for PowerShell. This download is an ADM file, which is no good to you.

Thanks to colonbackslash, you can create these files to recreate the missing policy entry.

Download these two files:
PowerShellExecutionPolicy.adml
PowerShellExecutionPolicy.admx

The ADMX file contains the settings and goes in PolicyDefinitions.
The ADML file contains the description of the settings and goes in PolicyDefinitions\en-us.

In case the files disappear, here is their content.

PolicyDefinitions\PowerShellExecutionPolicy.admx:

<policyDefinitions revision="1.0" schemaVersion="1.0">
<policyNamespaces>
<target prefix="fullarmor" namespace="FullArmor.Policies.3D487121_F89A_4576_AE77_46A7674B3102" />
<using prefix="windows" namespace="Microsoft.Policies.Windows" />
</policyNamespaces>
<supersededAdm fileName="C:\Users\jbullock\Desktop\PowerShellExecutionPolicy.adm" />
<resources minRequiredRevision="1.0" />
<supportedOn>
<definitions>
<definition name="SUPPORTED_XP" displayName="$(string.SUPPORTED_XP)" />
<definition name="SUPPORTED_NotSpecified" displayName="$(string.ADMXMigrator_NoSupportedOn)" />
</definitions>
</supportedOn>
<categories>
<category name="WindowsComponents" displayName="$(string.WindowsComponents)" />
<category name="PowerShell" displayName="$(string.PowerShell)">
<parentCategory ref="WindowsComponents" />
</category>
</categories>
<policies>
<policy name="EnableScripts" class="Machine" displayName="$(string.EnableScripts)" explainText="$(string.EnableScripts_Explain)" presentation="$(presentation.EnableScripts)" key="Software\Policies\Microsoft\Windows\PowerShell" valueName="EnableScripts">
<parentCategory ref="PowerShell" />
<supportedOn ref="SUPPORTED_XP" />
<elements>
<enum id="ExecutionPolicy" valueName="ExecutionPolicy" required="true">
<item displayName="$(string.AllScriptsSigned)">
<value>
<string>AllSigned</string>
</value>
</item>
<item displayName="$(string.RemoteSignedScripts)">
<value>
<string>RemoteSigned</string>
</value>
</item>
<item displayName="$(string.AllScripts)">
<value>
<string>Unrestricted</string>
</value>
</item>
</enum>
</elements>
</policy>
<policy name="EnableScripts_1" class="User" displayName="$(string.EnableScripts)" explainText="$(string.EnableScripts_Explain)" presentation="$(presentation.EnableScripts_1)" key="Software\Policies\Microsoft\Windows\PowerShell" valueName="EnableScripts">
<parentCategory ref="PowerShell" />
<supportedOn ref="SUPPORTED_XP" />
<elements>
<enum id="ExecutionPolicy" valueName="ExecutionPolicy" required="true">
<item displayName="$(string.AllScriptsSigned)">
<value>
<string>AllSigned</string>
</value>
</item>
<item displayName="$(string.RemoteSignedScripts)">
<value>
<string>RemoteSigned</string>
</value>
</item>
<item displayName="$(string.AllScripts)">
<value>
<string>Unrestricted</string>
</value>
</item>
</enum>
</elements>
</policy>
</policies>
</policyDefinitions>

PolicyDefinitions\en-us\PowerShellExecutionPolicy.adml:

<policyDefinitions revision="1.0" schemaVersion="1.0">
<policyNamespaces>
<target prefix="fullarmor" namespace="FullArmor.Policies.3D487121_F89A_4576_AE77_46A7674B3102" />
<using prefix="windows" namespace="Microsoft.Policies.Windows" />
</policyNamespaces>
<supersededAdm fileName="C:\Users\jbullock\Desktop\PowerShellExecutionPolicy.adm" />
<resources minRequiredRevision="1.0" />
<supportedOn>
<definitions>
<definition name="SUPPORTED_XP" displayName="$(string.SUPPORTED_XP)" />
<definition name="SUPPORTED_NotSpecified" displayName="$(string.ADMXMigrator_NoSupportedOn)" />
</definitions>
</supportedOn>
<categories>
<category name="WindowsComponents" displayName="$(string.WindowsComponents)" />
<category name="PowerShell" displayName="$(string.PowerShell)">
<parentCategory ref="WindowsComponents" />
</category>
</categories>
<policies>
<policy name="EnableScripts" class="Machine" displayName="$(string.EnableScripts)" explainText="$(string.EnableScripts_Explain)" presentation="$(presentation.EnableScripts)" key="Software\Policies\Microsoft\Windows\PowerShell" valueName="EnableScripts">
<parentCategory ref="PowerShell" />
<supportedOn ref="SUPPORTED_XP" />
<elements>
<enum id="ExecutionPolicy" valueName="ExecutionPolicy" required="true">
<item displayName="$(string.AllScriptsSigned)">
<value>
<string>AllSigned</string>
</value>
</item>
<item displayName="$(string.RemoteSignedScripts)">
<value>
<string>RemoteSigned</string>
</value>
</item>
<item displayName="$(string.AllScripts)">
<value>
<string>Unrestricted</string>
</value>
</item>
</enum>
</elements>
</policy>
<policy name="EnableScripts_1" class="User" displayName="$(string.EnableScripts)" explainText="$(string.EnableScripts_Explain)" presentation="$(presentation.EnableScripts_1)" key="Software\Policies\Microsoft\Windows\PowerShell" valueName="EnableScripts">
<parentCategory ref="PowerShell" />
<supportedOn ref="SUPPORTED_XP" />
<elements>
<enum id="ExecutionPolicy" valueName="ExecutionPolicy" required="true">
<item displayName="$(string.AllScriptsSigned)">
<value>
<string>AllSigned</string>
</value>
</item>
<item displayName="$(string.RemoteSignedScripts)">
<value>
<string>RemoteSigned</string>
</value>
</item>
<item displayName="$(string.AllScripts)">
<value>
<string>Unrestricted</string>
</value>
</item>
</enum>
</elements>
</policy>
</policies>
</policyDefinitions>
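
To confirm on a client that the policy defined above has actually applied, the following PowerShell reads the registry key and value names the ADMX declares and compares them with what Get-ExecutionPolicy reports for the two policy scopes. It is an added example, not part of the original post or the downloaded files, and it assumes that enabling the setting writes EnableScripts as 1.

```powershell
# Added example: run on a client after gpupdate to confirm the policy applied.
# Key path, value names and allowed strings are taken from the ADMX above.
$subKey  = 'Software\Policies\Microsoft\Windows\PowerShell'
$allowed = 'AllSigned', 'RemoteSigned', 'Unrestricted'
$scopes  = [ordered]@{
    MachinePolicy = "HKLM:\$subKey"   # policy with class="Machine"
    UserPolicy    = "HKCU:\$subKey"   # policy with class="User"
}

$report = foreach ($scope in $scopes.Keys) {
    # A missing key simply means the policy is not configured for this scope.
    $reg    = Get-ItemProperty -Path $scopes[$scope] -ErrorAction SilentlyContinue
    $enable = $reg.EnableScripts
    $policy = $reg.ExecutionPolicy

    # Assumption: "Enabled" is stored as EnableScripts = 1.
    if ($null -eq $enable) {
        $state = 'Not configured'
    } elseif ($enable -ne 1) {
        $state = 'Disabled'
    } elseif ($policy -in $allowed) {
        $state = 'Enabled'
    } else {
        $state = 'Enabled, but ExecutionPolicy is not a value the ADMX offers'
    }

    # What PowerShell itself resolves for this policy scope.
    $reported = (Get-ExecutionPolicy -Scope $scope).ToString()

    [pscustomobject]@{
        Scope           = $scope
        State           = $state
        EnableScripts   = $enable
        ExecutionPolicy = $policy
        Reported        = $reported
        Consistent      = ($state -ne 'Enabled') -or ($policy -eq $reported)
    }
}

$report | Format-Table -AutoSize

# MachinePolicy takes precedence over UserPolicy, and both override the
# Process, CurrentUser and LocalMachine scopes.
'Effective execution policy: {0}' -f (Get-ExecutionPolicy)
```

A row with State "Enabled" and Consistent "False" means the registry holds a value that PowerShell is not honouring, which is worth investigating before relying on the GPO.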


Finding memory in use when balloon driver is active

When the balloon driver kicks in on a Windows VM, the Performance tab in Task Manager will show nearly all the physical memory consumed. However, adding up the memory of each of the processes shown in the process list will likely not come anywhere near the amount of physical memory consumed. You’ll be left confused as to where the memory has gone. The answer is that it has been consumed by the balloon driver, because the host the VM is located on is running out of RAM.

You can defeat the balloon driver with a memory reservation on the VM, but how do you know how much to reserve? How much is actually being consumed by the processes that are running? Here’s a piece of PowerShell that will give you a decent estimate.

<code>
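# Sum the working set (in bytes) of every running process
$mem_used = 0
foreach ($p in Get-Process)
{
    # WorkingSet64 avoids the 32-bit truncation of the obsolete WorkingSet property
    $mem_used = $mem_used + $p.WorkingSet64
}
# Convert bytes to megabytes and print the estimate
Write-Host $(([int] ($mem_used / (1024 * 1024))).ToString() + "MB")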
</code>

Office automation: Accessing constants such as xlCenter

When automating Office via COM using PowerShell, you can work out what methods to call using the Microsoft.Office.Interop Document Object Model or you can run Office, record a macro doing what you want, then edit it to see the VBA that would do what you want. From there it’s easy to find out what the methods and properties that you need are.

Less obvious is how to access a constant, such as xlCenter, when a method uses one. They’re stored in an enumeration called Constants. If anyone knows how to access these enumerations in PowerShell, please let me know. Otherwise, you have two methods.

Spy on the values in the Macro Editor

  1. Record a macro in Office that does what you want.
  2. Open it in the macro editor
  3. Start debugging it with Step into…
  4. Hover over the constant to see its value

Using the Macro Editor to find constant values

Look in the object model

Only works for constants like xlCenter.

  1. Find out what integer the constant corresponds to by finding it in this list (could be negative)
  2. Create an integer object set to this value
  3. Reference it in your COM call.

Example:

$excel = new-object -comobject Excel.Application
$workbooks = $excel.Workbooks.Add()
$worksheets = $workbooks.worksheets
$worksheet = $worksheets.Item(1)
$worksheet.Name = "Name of Worksheet"
$excel.Visible = $True
$worksheet.Cells.Item(3,3) = "Title of Excel Document"
$centre = [int] -4108
$worksheet.Cells.HorizontalAlignment = $centre