Monthly Archives: May 2010
As an admin I store all my PS scripts on a central server and schedule tasks on each individual server so its no big deal if I change a script around.
So scheduling these tasks on 08 was way more of a pain than I thought it would be. There are a couple of steps involved in order to get this to work correctly.
With 2k8 there are two things off the bat that stop you from running a script from UNC
The more common is the execution policy, which by default is Restricted. In this case ideally what you want is remote signed. Its not the best idea, but since signing can be a bit of a pain you might go with unrestricted at your own risk. in PS just type in set-executionpolicy remotesigned
you can actually do this with a GPO
IE Config (shut off IE ESC)
so once you get the execution policy setup correctly you need to disable IE Enhanced Security Configuration (IE ESC) to allow UNCs to be considered Intranet. You can set a registry key, UNCAsIntranet, to accomplish this, but its a account based key. you can find info on that key here
HKEY_CURRENT_USER\Software\Policies\Microsoft \Windows\CurrentVersion\Internet Settings\ZoneMap
DWORD: UNCAsIntranet 1
Personally I prefer to shut off IE ESC because you shouldn’t be using a server to surf the web. To do this you open up Server Manager (that nifty little link on the task bar) and highlight the Server Manager node at the top of the list. On the right hand side if you scroll down a bit one of the right hand boxes will have a link for Configure IE ESC and turn it off for both (your script account may not be an admin, depending on how you configure things)
The next thing is the account you use to run the script, I’m going to assume its not your own account and you’ve setup an account just for running scripts. In order for this account to run the script correctly you need to login with it. The reason for this is that after you’ve disabled IE ESC or created that reg key (via a gpo I’m guessing) the users needs to login in order to have the UNCAsIntranet key created under their account.
This is the easy part really, open up Task Scheduler and you can just create a basic task. You’ll need to point it to powershell (C:\Windows\System32\WindowsPowerShell\v1.0 yup, it still says V1) and as the arguments you’ll use –command “\\server\share\script.ps1”
at the end of the basic task creation wizard check off the box that says open property page and go to the General tab and check off Run with highest privileges (to get past UAC).