Exchange '10 ExecutionPolicy (RemoteSigned, Restricted, etc.) Setting

On SP3 (Enterprise) and a third-party application had use set the configuration to "Set-ExecutionPolicy RemoteSigned" (then Yes to confirm).

We elected not to go with the solution but it seems that setting may still be on/active in our Exchange environment and we just want to make sure the setting is not any different by default or leaving any holes in security.

By default what should the setting for Get-ExecutionPolicy be?

By default when I type Get-ExecutionPolicy -List, it shows the ExecutionPolicy as RemoteSigned (not Undefined).
LVL 2
RTM2007Asked:
Who is Participating?
 
Simon Butler (Sembee)Connect With a Mentor ConsultantCommented:
The default is restricted. However most sites I work with use RemoteSigned, as it allows the use of self created ps1 files.

Simon.
0
 
RTM2007Author Commented:
What are the security concerns with leaving the LocalMachine scope set to RemoteSigned as opposed to undefined?
0
 
Simon Butler (Sembee)ConsultantCommented:
Undefined means anything can be run, so that could include scripts that are unsigned and therefore could be malicious.

The four definitions are here:
http://technet.microsoft.com/en-us/library/ee176847.aspx

Simon.
0
 
RTM2007Author Commented:
So is Undefined essentially the same as Unrestricted from the list?

Essentially does that mean RemoteSigned is safer?
0
 
Simon Butler (Sembee)ConsultantCommented:
I wouldn't like to say. Undefined means there is no policy at all. I don't know if Unrestricted has no restrictions at all.

Simon.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.