“Turn on script execution” group policy setting missing

Want to configure PowerShell Remote Execution policy via Group Policy? Gone into Group Policy Management snap-in to find the mythicak “Turn on script execution” setting isn’t there? You’re probably using ADMX files. When you create the PolicyDefinitions share, Windows stops using the built in settings and only uses stuff inside this folder – that’s why you have to download ADMX files for Windows.

Despite this download claiming that it includes policy for PowerShell 3.0, it doesn’t, and MS don’t provide any other ADMX files for PowerShell. This download is an ADM file, which is no good to you.

Thanks to colonbackslash, you can create this files to recreate the missing policy entry.

Download these two files:
PowerShellExecutionPolicy.adml
PowerShellExecutionPolicy.admx

The ADMX file contains the settings and goes in PolicyDefinitions.
The ADML file contains the description of the settings and goes in PolicyDefinitions\en-us.

In case the files disappear, here is their content.

PolicyDefinitions\PowerShellExecutionPolicy.admx:

<policyDefinitions revision="1.0" schemaVersion="1.0">
<policyNamespaces>
<target prefix="fullarmor" namespace="FullArmor.Policies.3D487121_F89A_4576_AE77_46A7674B3102" />
<using prefix="windows" namespace="Microsoft.Policies.Windows" />
</policyNamespaces>
<supersededAdm fileName="C:\Users\jbullock\Desktop\PowerShellExecutionPolicy.adm" />
<resources minRequiredRevision="1.0" />
<supportedOn>
<definitions>
<definition name="SUPPORTED_XP" displayName="$(string.SUPPORTED_XP)" />
<definition name="SUPPORTED_NotSpecified" displayName="$(string.ADMXMigrator_NoSupportedOn)" />
</definitions>
</supportedOn>
<categories>
<category name="WindowsComponents" displayName="$(string.WindowsComponents)" />
<category name="PowerShell" displayName="$(string.PowerShell)">
<parentCategory ref="WindowsComponents" />
</category>
</categories>
<policies>
<policy name="EnableScripts" class="Machine" displayName="$(string.EnableScripts)" explainText="$(string.EnableScripts_Explain)" presentation="$(presentation.EnableScripts)" key="Software\Policies\Microsoft\Windows\PowerShell" valueName="EnableScripts">
<parentCategory ref="PowerShell" />
<supportedOn ref="SUPPORTED_XP" />
<elements>
<enum id="ExecutionPolicy" valueName="ExecutionPolicy" required="true">
<item displayName="$(string.AllScriptsSigned)">
<value>
<string>AllSigned</string>
</value>
</item>
<item displayName="$(string.RemoteSignedScripts)">
<value>
<string>RemoteSigned</string>
</value>
</item>
<item displayName="$(string.AllScripts)">
<value>
<string>Unrestricted</string>
</value>
</item>
</enum>
</elements>
</policy>
<policy name="EnableScripts_1" class="User" displayName="$(string.EnableScripts)" explainText="$(string.EnableScripts_Explain)" presentation="$(presentation.EnableScripts_1)" key="Software\Policies\Microsoft\Windows\PowerShell" valueName="EnableScripts">
<parentCategory ref="PowerShell" />
<supportedOn ref="SUPPORTED_XP" />
<elements>
<enum id="ExecutionPolicy" valueName="ExecutionPolicy" required="true">
<item displayName="$(string.AllScriptsSigned)">
<value>
<string>AllSigned</string>
</value>
</item>
<item displayName="$(string.RemoteSignedScripts)">
<value>
<string>RemoteSigned</string>
</value>
</item>
<item displayName="$(string.AllScripts)">
<value>
<string>Unrestricted</string>
</value>
</item>
</enum>
</elements>
</policy>
</policies>
</policyDefinitions>

PolicyDefinitions\en-us\PowerShellExecutionPolicy.adml:

<policyDefinitions revision="1.0" schemaVersion="1.0">
<policyNamespaces>
<target prefix="fullarmor" namespace="FullArmor.Policies.3D487121_F89A_4576_AE77_46A7674B3102" />
<using prefix="windows" namespace="Microsoft.Policies.Windows" />
</policyNamespaces>
<supersededAdm fileName="C:\Users\jbullock\Desktop\PowerShellExecutionPolicy.adm" />
<resources minRequiredRevision="1.0" />
<supportedOn>
<definitions>
<definition name="SUPPORTED_XP" displayName="$(string.SUPPORTED_XP)" />
<definition name="SUPPORTED_NotSpecified" displayName="$(string.ADMXMigrator_NoSupportedOn)" />
</definitions>
</supportedOn>
<categories>
<category name="WindowsComponents" displayName="$(string.WindowsComponents)" />
<category name="PowerShell" displayName="$(string.PowerShell)">
<parentCategory ref="WindowsComponents" />
</category>
</categories>
<policies>
<policy name="EnableScripts" class="Machine" displayName="$(string.EnableScripts)" explainText="$(string.EnableScripts_Explain)" presentation="$(presentation.EnableScripts)" key="Software\Policies\Microsoft\Windows\PowerShell" valueName="EnableScripts">
<parentCategory ref="PowerShell" />
<supportedOn ref="SUPPORTED_XP" />
<elements>
<enum id="ExecutionPolicy" valueName="ExecutionPolicy" required="true">
<item displayName="$(string.AllScriptsSigned)">
<value>
<string>AllSigned</string>
</value>
</item>
<item displayName="$(string.RemoteSignedScripts)">
<value>
<string>RemoteSigned</string>
</value>
</item>
<item displayName="$(string.AllScripts)">
<value>
<string>Unrestricted</string>
</value>
</item>
</enum>
</elements>
</policy>
<policy name="EnableScripts_1" class="User" displayName="$(string.EnableScripts)" explainText="$(string.EnableScripts_Explain)" presentation="$(presentation.EnableScripts_1)" key="Software\Policies\Microsoft\Windows\PowerShell" valueName="EnableScripts">
<parentCategory ref="PowerShell" />
<supportedOn ref="SUPPORTED_XP" />
<elements>
<enum id="ExecutionPolicy" valueName="ExecutionPolicy" required="true">
<item displayName="$(string.AllScriptsSigned)">
<value>
<string>AllSigned</string>
</value>
</item>
<item displayName="$(string.RemoteSignedScripts)">
<value>
<string>RemoteSigned</string>
</value>
</item>
<item displayName="$(string.AllScripts)">
<value>
<string>Unrestricted</string>
</value>
</item>
</enum>
</elements>
</policy>
</policies>
</policyDefinitions>

Advertisements

Sysprep error 0x80100101

Whilst trying to sysprep a Windows Server 2008 R2 template I received the following error:

“A fatal error occurred while trying to sysprep the machine”

Lots of different problems can cause this error, and you need to go into the sysprep log to find out which one. Theere’s several copies lying around, so make sure you find the one with the last modified time of a few seconds ago. It should be in %WINDOWS%\system32\sysprep\Panther\setupact.log at the end.

I found this at the end:

Error [0x0f00a8] SYSPRP WinMain:Hit failure while processing sysprep cleanup providers; hr = 0x80100101

I already had SkipRearm in my unattended file, and I was setting the GeneralizationState reg values to the appropriate settings each time with a batch script, having hit that issue already, and this approach had been working consistently for ages. In this case, I additionally did:


msdtc -uninstall
msdtc -install

and then rebooted. Sysprep then ran OK.

HMRC form CT600 on Linux

In 2011, CT600 worked on Linux if you followed some complicated steps to manually import the SSL certificates from Companies House and HMRC websites. In 2012, it broke, with no amount of manual importing resolving the error

SSL Error!!!. Please install the CA Certificate(s) for SSL communication. If certificate resides on local disk, try "acroread -installCertificate [-PEM|-DER] [pathname]" on the command line. If certificate resides on the server, try "acroread -installCertificate xmlgw.companieshouse.gov.uk 443" on command line.

HMRC helpdesk were clueless, sending me back the forum link I had sent them, and asking me to make sure that I was using Adobe Reader. The good news is that I attempted to use it again yesterday, and it all just worked without any fiddling. I used Adobe Reader 9.5.3 32-bit on Ubuntu 12.10 64-bit. Just follow HMRC’s instuctions on fiddling with Adobe Reader’s security settings, and all should be well.

Also see my post on Adobe Reader on 64-bit Linux.

Ubuntu 12.04 CD or DVD fails to boot on UEFI machines with ‘error: “prefix” not set’

Downloaded the Ubuntu 12.04 ISO? Failed to boot from it with this error? Checked the hash of the ISO and it seems correct? Thoroughly confused? grkrishna1984 is your man. Whilst I was sceptical at first, his advice proved good. There is indeed a file called “ubuntu” in the root of the ISO, and removing it seems to solve the problem.

The ISO Master program he refers to is available on Linux and Windows. Simply use it to open up the ISO file, and remove the offending file:

Then File > Save As and burn to CD.

Sony Vaio S1511 hard disk swap for SSD

Yes, you too can do it, and with one screwdriver.

I spent a fair while browsing laptops to find one that would suit my needs. What I wanted was a 15″ 1080p ultrabook. What I discovered is that there weren’t many. Many Spring 2012 blogs were predicting them, but in Aug 2012 there were just a few to choose from. Anyhoo, I ended up with a Sony Vaio S 15. My previous (now blown up) laptop was an i7, and in the two years it was alive, it was hardly ever pushed beyond 3%, so I decided not to waste the money and dropped down to i5. Extra memory I can get anywhere cheaply, so I didn’t see the need to pay Sony a premium for that either. What I did want was an SSD, as in other computers I work on it has introduced a step change in the speed I work at. Problem was, Sony wanted £400 for a 256Gb SSD. I beg your pardon? £400? Not sure what planet they’re on, when a very well reviewed SSD can be bought on Amazon for £150. So I wanted to know before I bought the Vaio if it would be easy to swap the HDD for an SSD I bought myself. Answer – it is.

Making the change

You’ll need one Phillips Head size 1 screwdriver. Here’s the laptop:

Flip it over and you’ll see there’s a user removable section on the base. Remove the two screws that hold it in and pull towards the edge of the laptop.

The two screws to remove are in the foreground in this photo

You can now access the battery, the spare memory slot and the hard disk. You’ll see the hard disk has four screws holding it down. Remove these and unplug the hard disk.

The hard disk has two metal mounting strips attached to each side. Swap these over to the SSD.

And screw back in

That’ll be £250, please

Moving the data
If the two disks were equal in size, or the SSD was bigger, you could clone the HD to the SSD and then expand the partitions. Instead the SSD is smaller than the HD, so some juggling is required. The retail version of the SSD linked above comes with a USB SATA cable and software to help you do this, but I had the OEM version and was installing Ubuntu, so my steps were more complicated than yours might be. My steps were:

  1. Make a bootable Ubuntu USB drive
  2. Boot from it
  3. Connect the old drive to the computer with a USB SATA adaptor
  4. Run gparted
  5. Created a new GPT partition table on the SSD (time to move in to the 21st century)
  6. Shrink the NTFS partition to 50000Mb
  7. Used dd to copy the partition from the old drive to the SSD
  8. Ran the Ubuntu installer
  9. Added a 1Mb “Reserved for boot” partition in the space at the beginning of the drive (needed to store the boot loader under GPT)
  10. Added a 2Gb swap partition
  11. Added a 15Gb ext4 root partition
  12. Used the rest as a btrfs home partition
  13. Installed Ubuntu

APT vs. RPM

Since I am switching a lot between distributions at the moment, I will start building this list of equivalent commands.

Note that the repoquery command is only available once you have installed yum-utils, apt-file is only available once you have installed apt-file

Objective APT RPM
Install package from repository apt-get install <package-name> yum install <package-name>
Remove package apt-get remove <package-name> (remove leaving config files)
dpkg -e <package-name> (remove leaving config files)
dpkg -P <package-name> (remove purging config files)
yum remove <package-name>
rpm -e <package-name>
List installed packages dpkg -l rpm -qa
Find package owning file dpkg -S <file> rpm -qf <file>
Search for package name in repository apt-cache search <package-name> repoquery ‘*<package-name>*’
Find which repository a package came from sudo grep <package-name> /var/lib/apt/lists/* | grep “Filename:” repoquery -i <package-name>
Find which package would provide a file if it was installed apt-file search bin/grep repoquery –whatprovides ‘*bin/grep’