Solved

Server 2012 too restrictive

Posted on 2015-01-29
14
117 Views
Last Modified: 2015-02-02
Hi all i have crated a series of scripts that automates a number of settings after creating a new VM. i have one .cmd file that calls a series of other vb scripts, .cmd and powershell. The scripts work fine on server 2008 r2 but having real trouble on 2012. UAC has been disabled. Any help appreciated. I have copied some of the errors below.

when calling the .cmd file
Set startup delay to 5 seconds
The boot configuration data store could not be opened.

when calling the ps1 file
set-executionpolicy : Access to the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\M
icrosoft\PowerShell\1\ShellIds\Microsoft.PowerShell' is denied. To change the
execution policy for the default (LocalMachine) scope, start Windows
PowerShell with the "Run as administrator" option. To change the execution
policy for the current user, run "Set-ExecutionPolicy -Scope CurrentUser".
At line:1 char:3
+ &{set-executionpolicy unrestricted}
+   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (:) [Set-ExecutionPolicy], Una
   uthorizedAccessException
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.Pow
   erShell.Commands.SetExecutionPolicyCommand
0
Comment
Question by:cwstad2
14 Comments
 
LVL 9

Accepted Solution

by:
schmiegu earned 250 total points
ID: 40577104
Did you already reboot after disabling UAC? And even after disabling UAC I prefer to set "Behavior of the elevation prompt for administrators in Admin Approval Mode" to "Enable without prompting".
0
 
LVL 15

Author Comment

by:cwstad2
ID: 40577108
Hi yes i have done both
0
 
LVL 24

Assisted Solution

by:VB ITS
VB ITS earned 250 total points
ID: 40577157
Try running this command in PowerShell (as an Administrator): Set-ExecutionPolicy Unrestricted -Scope CurrentUser

Be aware of the security implications when setting the execution policy to Unrestricted though: https://technet.microsoft.com/en-us/library/hh849812.aspx
0
 
LVL 15

Author Comment

by:cwstad2
ID: 40577162
Hi ive tried that also still the same issue ;'). If i run the individual scripts as admin they seem to be ok. But when its called from a single file that runs all the problem occurs. Even if i try and run the central script as admin nothing seems to run
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 40577172
Try below from elevated PowerShell

set-executionpolicy unrestricted

When prompted type Y to accept and check if it works
0
 
LVL 24

Expert Comment

by:VB ITS
ID: 40577174
Try changing the permissions of Users to Full Control to the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell

Open in new window

0
 
LVL 15

Author Comment

by:cwstad2
ID: 40577177
Hi all, this only seems to be applicable to 2012 as it work on 2008. Is there any additional security i could disable?

thanks
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 15

Author Comment

by:cwstad2
ID: 40577305
it works with the local admin account but not when joined ot the domain
0
 
LVL 24

Expert Comment

by:VB ITS
ID: 40577309
Did you try changing the permissions to the registry key as mentioned in my previous comment?
0
 
LVL 15

Author Comment

by:cwstad2
ID: 40577420
Thanks for your reply, i am logged in as domain admin with full permissions. Its not just the poweshell scripts that seem to have the issue its all
0
 
LVL 15

Author Comment

by:cwstad2
ID: 40577463
i have found the issue, bit will have to work out a solution. If i open a cmd prompt as admin and open the .cmd file then it works. Right clicking on the .cmd file and running as admin doesn't work for some reason
0
 
LVL 24

Expert Comment

by:VB ITS
ID: 40577491
Hmm perhaps try disabling Admin Approval mode on the server if only administrative tasks will be performed on this server. I do not recommend changing this setting if your admins browse the Internet or do anything outside the realm of administering the server:

- Right click the Start button then click Run
- Type in secpol.msc then click OK
- Expand Local Policies then click on Security Options
- Change User Account Control: Turn on Admin Approval Mode to Disabled
- Reboot the server
- Try running your script again

If the above doesn't work then change the User Account Control: Turn on Admin Approval Mode setting back to Enabled and reboot the server.
0
 
LVL 15

Author Comment

by:cwstad2
ID: 40577502
Thanks, that was already disabled. just need to get that .cmd file with all the scripts in to run as admin and not exit
0
 
LVL 15

Author Closing Comment

by:cwstad2
ID: 40584037
Hi Guys, thanks for your help. I resolved the issue by changing the way the scripts ran. Essentially i set a number of the to run as part of the guest cutomisation script in vcentre.
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Utilizing an array to gracefully append to a list of EmailAddresses
Create and license users in Office 365 in bulk based on a CSV file. A step-by-step guide with PowerShell script examples.
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now