Server 2012 too restrictive

Hi all i have crated a series of scripts that automates a number of settings after creating a new VM. i have one .cmd file that calls a series of other vb scripts, .cmd and powershell. The scripts work fine on server 2008 r2 but having real trouble on 2012. UAC has been disabled. Any help appreciated. I have copied some of the errors below.

when calling the .cmd file
Set startup delay to 5 seconds
The boot configuration data store could not be opened.

when calling the ps1 file
set-executionpolicy : Access to the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\M
icrosoft\PowerShell\1\ShellIds\Microsoft.PowerShell' is denied. To change the
execution policy for the default (LocalMachine) scope, start Windows
PowerShell with the "Run as administrator" option. To change the execution
policy for the current user, run "Set-ExecutionPolicy -Scope CurrentUser".
At line:1 char:3
+ &{set-executionpolicy unrestricted}
+   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (:) [Set-ExecutionPolicy], Una
   uthorizedAccessException
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.Pow
   erShell.Commands.SetExecutionPolicyCommand
LVL 15
cwstad2Asked:
Who is Participating?
 
schmieguCommented:
Did you already reboot after disabling UAC? And even after disabling UAC I prefer to set "Behavior of the elevation prompt for administrators in Admin Approval Mode" to "Enable without prompting".
0
 
cwstad2Author Commented:
Hi yes i have done both
0
 
VB ITSSpecialist ConsultantCommented:
Try running this command in PowerShell (as an Administrator): Set-ExecutionPolicy Unrestricted -Scope CurrentUser

Be aware of the security implications when setting the execution policy to Unrestricted though: https://technet.microsoft.com/en-us/library/hh849812.aspx
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
cwstad2Author Commented:
Hi ive tried that also still the same issue ;'). If i run the individual scripts as admin they seem to be ok. But when its called from a single file that runs all the problem occurs. Even if i try and run the central script as admin nothing seems to run
0
 
MaheshArchitectCommented:
Try below from elevated PowerShell

set-executionpolicy unrestricted

When prompted type Y to accept and check if it works
0
 
VB ITSSpecialist ConsultantCommented:
Try changing the permissions of Users to Full Control to the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell

Open in new window

0
 
cwstad2Author Commented:
Hi all, this only seems to be applicable to 2012 as it work on 2008. Is there any additional security i could disable?

thanks
0
 
cwstad2Author Commented:
it works with the local admin account but not when joined ot the domain
0
 
VB ITSSpecialist ConsultantCommented:
Did you try changing the permissions to the registry key as mentioned in my previous comment?
0
 
cwstad2Author Commented:
Thanks for your reply, i am logged in as domain admin with full permissions. Its not just the poweshell scripts that seem to have the issue its all
0
 
cwstad2Author Commented:
i have found the issue, bit will have to work out a solution. If i open a cmd prompt as admin and open the .cmd file then it works. Right clicking on the .cmd file and running as admin doesn't work for some reason
0
 
VB ITSSpecialist ConsultantCommented:
Hmm perhaps try disabling Admin Approval mode on the server if only administrative tasks will be performed on this server. I do not recommend changing this setting if your admins browse the Internet or do anything outside the realm of administering the server:

- Right click the Start button then click Run
- Type in secpol.msc then click OK
- Expand Local Policies then click on Security Options
- Change User Account Control: Turn on Admin Approval Mode to Disabled
- Reboot the server
- Try running your script again

If the above doesn't work then change the User Account Control: Turn on Admin Approval Mode setting back to Enabled and reboot the server.
0
 
cwstad2Author Commented:
Thanks, that was already disabled. just need to get that .cmd file with all the scripts in to run as admin and not exit
0
 
cwstad2Author Commented:
Hi Guys, thanks for your help. I resolved the issue by changing the way the scripts ran. Essentially i set a number of the to run as part of the guest cutomisation script in vcentre.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.