Server 2012 too restrictive

Hi all i have crated a series of scripts that automates a number of settings after creating a new VM. i have one .cmd file that calls a series of other vb scripts, .cmd and powershell. The scripts work fine on server 2008 r2 but having real trouble on 2012. UAC has been disabled. Any help appreciated. I have copied some of the errors below.

when calling the .cmd file
Set startup delay to 5 seconds
The boot configuration data store could not be opened.

when calling the ps1 file
set-executionpolicy : Access to the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\M
icrosoft\PowerShell\1\ShellIds\Microsoft.PowerShell' is denied. To change the
execution policy for the default (LocalMachine) scope, start Windows
PowerShell with the "Run as administrator" option. To change the execution
policy for the current user, run "Set-ExecutionPolicy -Scope CurrentUser".
At line:1 char:3
+ &{set-executionpolicy unrestricted}
+   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (:) [Set-ExecutionPolicy], Una
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.Pow
LVL 15
Who is Participating?

Improve company productivity with a Business Account.Sign Up

schmieguConnect With a Mentor Commented:
Did you already reboot after disabling UAC? And even after disabling UAC I prefer to set "Behavior of the elevation prompt for administrators in Admin Approval Mode" to "Enable without prompting".
cwstad2Author Commented:
Hi yes i have done both
VB ITSConnect With a Mentor Specialist ConsultantCommented:
Try running this command in PowerShell (as an Administrator): Set-ExecutionPolicy Unrestricted -Scope CurrentUser

Be aware of the security implications when setting the execution policy to Unrestricted though:
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

cwstad2Author Commented:
Hi ive tried that also still the same issue ;'). If i run the individual scripts as admin they seem to be ok. But when its called from a single file that runs all the problem occurs. Even if i try and run the central script as admin nothing seems to run
Try below from elevated PowerShell

set-executionpolicy unrestricted

When prompted type Y to accept and check if it works
VB ITSSpecialist ConsultantCommented:
Try changing the permissions of Users to Full Control to the registry key:

Open in new window

cwstad2Author Commented:
Hi all, this only seems to be applicable to 2012 as it work on 2008. Is there any additional security i could disable?

cwstad2Author Commented:
it works with the local admin account but not when joined ot the domain
VB ITSSpecialist ConsultantCommented:
Did you try changing the permissions to the registry key as mentioned in my previous comment?
cwstad2Author Commented:
Thanks for your reply, i am logged in as domain admin with full permissions. Its not just the poweshell scripts that seem to have the issue its all
cwstad2Author Commented:
i have found the issue, bit will have to work out a solution. If i open a cmd prompt as admin and open the .cmd file then it works. Right clicking on the .cmd file and running as admin doesn't work for some reason
VB ITSSpecialist ConsultantCommented:
Hmm perhaps try disabling Admin Approval mode on the server if only administrative tasks will be performed on this server. I do not recommend changing this setting if your admins browse the Internet or do anything outside the realm of administering the server:

- Right click the Start button then click Run
- Type in secpol.msc then click OK
- Expand Local Policies then click on Security Options
- Change User Account Control: Turn on Admin Approval Mode to Disabled
- Reboot the server
- Try running your script again

If the above doesn't work then change the User Account Control: Turn on Admin Approval Mode setting back to Enabled and reboot the server.
cwstad2Author Commented:
Thanks, that was already disabled. just need to get that .cmd file with all the scripts in to run as admin and not exit
cwstad2Author Commented:
Hi Guys, thanks for your help. I resolved the issue by changing the way the scripts ran. Essentially i set a number of the to run as part of the guest cutomisation script in vcentre.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.