Solved

Server 2012 too restrictive

Posted on 2015-01-29
14
120 Views
Last Modified: 2015-02-02
Hi all i have crated a series of scripts that automates a number of settings after creating a new VM. i have one .cmd file that calls a series of other vb scripts, .cmd and powershell. The scripts work fine on server 2008 r2 but having real trouble on 2012. UAC has been disabled. Any help appreciated. I have copied some of the errors below.

when calling the .cmd file
Set startup delay to 5 seconds
The boot configuration data store could not be opened.

when calling the ps1 file
set-executionpolicy : Access to the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\M
icrosoft\PowerShell\1\ShellIds\Microsoft.PowerShell' is denied. To change the
execution policy for the default (LocalMachine) scope, start Windows
PowerShell with the "Run as administrator" option. To change the execution
policy for the current user, run "Set-ExecutionPolicy -Scope CurrentUser".
At line:1 char:3
+ &{set-executionpolicy unrestricted}
+   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (:) [Set-ExecutionPolicy], Una
   uthorizedAccessException
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.Pow
   erShell.Commands.SetExecutionPolicyCommand
0
Comment
Question by:cwstad2
14 Comments
 
LVL 9

Accepted Solution

by:
schmiegu earned 250 total points
ID: 40577104
Did you already reboot after disabling UAC? And even after disabling UAC I prefer to set "Behavior of the elevation prompt for administrators in Admin Approval Mode" to "Enable without prompting".
0
 
LVL 15

Author Comment

by:cwstad2
ID: 40577108
Hi yes i have done both
0
 
LVL 24

Assisted Solution

by:VB ITS
VB ITS earned 250 total points
ID: 40577157
Try running this command in PowerShell (as an Administrator): Set-ExecutionPolicy Unrestricted -Scope CurrentUser

Be aware of the security implications when setting the execution policy to Unrestricted though: https://technet.microsoft.com/en-us/library/hh849812.aspx
0
 
LVL 15

Author Comment

by:cwstad2
ID: 40577162
Hi ive tried that also still the same issue ;'). If i run the individual scripts as admin they seem to be ok. But when its called from a single file that runs all the problem occurs. Even if i try and run the central script as admin nothing seems to run
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 40577172
Try below from elevated PowerShell

set-executionpolicy unrestricted

When prompted type Y to accept and check if it works
0
 
LVL 24

Expert Comment

by:VB ITS
ID: 40577174
Try changing the permissions of Users to Full Control to the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell

Open in new window

0
 
LVL 15

Author Comment

by:cwstad2
ID: 40577177
Hi all, this only seems to be applicable to 2012 as it work on 2008. Is there any additional security i could disable?

thanks
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 
LVL 15

Author Comment

by:cwstad2
ID: 40577305
it works with the local admin account but not when joined ot the domain
0
 
LVL 24

Expert Comment

by:VB ITS
ID: 40577309
Did you try changing the permissions to the registry key as mentioned in my previous comment?
0
 
LVL 15

Author Comment

by:cwstad2
ID: 40577420
Thanks for your reply, i am logged in as domain admin with full permissions. Its not just the poweshell scripts that seem to have the issue its all
0
 
LVL 15

Author Comment

by:cwstad2
ID: 40577463
i have found the issue, bit will have to work out a solution. If i open a cmd prompt as admin and open the .cmd file then it works. Right clicking on the .cmd file and running as admin doesn't work for some reason
0
 
LVL 24

Expert Comment

by:VB ITS
ID: 40577491
Hmm perhaps try disabling Admin Approval mode on the server if only administrative tasks will be performed on this server. I do not recommend changing this setting if your admins browse the Internet or do anything outside the realm of administering the server:

- Right click the Start button then click Run
- Type in secpol.msc then click OK
- Expand Local Policies then click on Security Options
- Change User Account Control: Turn on Admin Approval Mode to Disabled
- Reboot the server
- Try running your script again

If the above doesn't work then change the User Account Control: Turn on Admin Approval Mode setting back to Enabled and reboot the server.
0
 
LVL 15

Author Comment

by:cwstad2
ID: 40577502
Thanks, that was already disabled. just need to get that .cmd file with all the scripts in to run as admin and not exit
0
 
LVL 15

Author Closing Comment

by:cwstad2
ID: 40584037
Hi Guys, thanks for your help. I resolved the issue by changing the way the scripts ran. Essentially i set a number of the to run as part of the guest cutomisation script in vcentre.
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

What to do when Windows Update is not working correctly? What tools can I use to detect the cause of the malfunction problem? What does this numeric error code mean? These and other questions that you have been asking in the past are answered here (…
Resolve DNS query failed errors for Exchange
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now