?
Solved

Exchange '10 ExecutionPolicy (RemoteSigned, Restricted, etc.) Setting

Posted on 2013-06-24
5
Medium Priority
?
429 Views
Last Modified: 2013-06-27
On SP3 (Enterprise) and a third-party application had use set the configuration to "Set-ExecutionPolicy RemoteSigned" (then Yes to confirm).

We elected not to go with the solution but it seems that setting may still be on/active in our Exchange environment and we just want to make sure the setting is not any different by default or leaving any holes in security.

By default what should the setting for Get-ExecutionPolicy be?

By default when I type Get-ExecutionPolicy -List, it shows the ExecutionPolicy as RemoteSigned (not Undefined).
0
Comment
Question by:RTM2007
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 2000 total points
ID: 39273095
The default is restricted. However most sites I work with use RemoteSigned, as it allows the use of self created ps1 files.

Simon.
0
 
LVL 2

Author Comment

by:RTM2007
ID: 39273126
What are the security concerns with leaving the LocalMachine scope set to RemoteSigned as opposed to undefined?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39273146
Undefined means anything can be run, so that could include scripts that are unsigned and therefore could be malicious.

The four definitions are here:
http://technet.microsoft.com/en-us/library/ee176847.aspx

Simon.
0
 
LVL 2

Author Comment

by:RTM2007
ID: 39273151
So is Undefined essentially the same as Unrestricted from the list?

Essentially does that mean RemoteSigned is safer?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39273178
I wouldn't like to say. Undefined means there is no policy at all. I don't know if Unrestricted has no restrictions at all.

Simon.
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Read this checklist to learn more about the 15 things you should never include in an email signature.
How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
Suggested Courses
Course of the Month14 days, 22 hours left to enroll

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question