Powershell script not executed in SD Package

Document ID : KB000004278
Last Modified Date : 14/02/2018
Show Technical Document Details
Issue:

The Powershell script in a procedure of a Software Delivery Package is not executed on the Target machine.

Environment:
CA Client Automation - All Versions
Cause:
The powershell script is executed from a mapped directory (z: mapped to \\SSName\SDLIBRARY$) and following message appears due to policy configuration :
 

File Z:\activate\51E1B828-A10E-482B-B3A3-15E119811075.itm\1.vol\test.ps1 cannot be loaded. The file Z:\activate\51E1B828-A10E-482B-B3A3-5E119811075.itm\1.vol\test.ps1 is not digitally signed. The script will not execute on the system. Please see "get-help about_signing" for more details..

 
    + CategoryInfo          : NotSpecified: (:) [], ParentContainsErrorRecordException
 
    + FullyQualifiedErrorId : RuntimeException
 
1.jpg
 
 

 

 
Resolution:
There are possible solutions :
 
Solution 1
 
The solution is to execute the powershell script with option -ExecutionPolicy ByPass
 

1- Create a new configuration policy or update an existing configuration policy which is applied on the computers :

Go to Control Panel/Configurtion/Configuration Policy.

Create or expand the policy and go under DSM/Software Delivery/Agent

Right click on "File Association: PowerShell Scripts interpreter" and select "Setting – Centrally Managed" in popup menu :

 

2.jpg

 

2- Doble click on this parameter and put this value : 

powershell.exe -ExecutionPolicy ByPass -File

 

 3.jpg

 

3- Seal the Configuration Policy

 

 
Solution 2
 
The solution is to add the Scalability Server name in the "Local intranet" zone in Internet explorer settings for Local System Account.
 
 
 
6.jpg
 
 
 
 
This could be done in command line with :
 

reg add "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\scala_name" /v file /t REG_DWORD /d 1 /f

 
Remark : replace scala_name by the name of the scalability Server
 
 
7.jpg
 
 
This could also be done using a SD Package which executes following batch commands :
 
@echo OFF
SETLOCAL
for /F "delims=\ tokens=2" %%i IN ('net use ^| find /I "SDLIBRARY$"') DO SET SSNAME=%%i
IF NOT [%SSNAME%] == [] (
reg add "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\%SSNAME%" /v file /t REG_DWORD /d 1 /f
)
ENDLOCAL
 
 
This batch finds the Scalability Server name from the mapped SDLIBRARY$ and add it in the registry.
 
 
Once registry key added on the machine, powershell script should be executed without warning message.
 
Remark :
If the machine is moved to a new Scalability Server, the batch should be executed again in order to add the new Scalability Name in the local intranet site list.
A solution to avoid this is to adapt the batch in order to add all Scalability Servers name in the registry :
 
reg add "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\scala_name1" /v file /t REG_DWORD /d 1 /f
 
reg add "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\scala_name2" /v file /t REG_DWORD /d 1 /f
 
reg add "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\scala_name3" /v file /t REG_DWORD /d 1 /f