Client Automation - Powershell script not executed in SD Package

book

Article ID: 4278

calendar_today

Updated On:

Products

CA Client Automation - IT Client Manager CA Client Automation CA Client Automation - Software Delivery

Issue/Introduction

The Powershell script in a procedure of a Software Delivery Package is not executed on the Target machine.

Cause

The powershell script is executed from a mapped directory (z: mapped to \\SSName\SDLIBRARY$) and following message appears due to policy configuration :

 

File Z:\activate\51E1B828-A10E-482B-B3A3-15E119811075.itm\1.vol\test.ps1 cannot be loaded. The file Z:\activate\51E1B828-A10E-482B-B3A3-5E119811075.itm\1.vol\test.ps1 is not digitally signed. The script will not execute on the system. Please see "get-help about_signing" for more details..

    + CategoryInfo          : NotSpecified: (:) [], ParentContainsErrorRecordException

    + FullyQualifiedErrorId : RuntimeException

 

Environment

CA Client Automation - All Versions



Resolution

There are possible solutions :

SOLUTION 1:

 The solution is to execute the powershell script with option -ExecutionPolicy ByPass

1- Create a new configuration policy or update an existing configuration policy which is applied on the computers :

Go to Control Panel/Configurtion/Configuration Policy.

Create or expand the policy and go under DSM/Software Delivery/Agent

Right click on "File Association: PowerShell Scripts interpreter" and select "Setting – Centrally Managed" in popup menu :




 

2- Doble click on this parameter and put this value : 

powershell.exe -ExecutionPolicy ByPass -File

  


3- Seal the Configuration Policy

  

SOLUTION 2

 The solution is to add the Scalability Server name in the "Local intranet" zone in Internet explorer settings for Local System Account.

   




This could be done in command line with :

 reg add "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\scala_name" /v file /t REG_DWORD /d 1 /f

 Remark : replace scala_name by the name of the scalability Server

  

This could also be done using a SD Package which executes following batch commands :

 

@echo OFF

SETLOCAL

for /F "delims=\ tokens=2" %%i IN ('net use ^| find /I "SDLIBRARY$"') DO SET SSNAME=%%i

IF NOT [%SSNAME%] == [ ]

(

reg add "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\%SSNAME%" /v file /t REG_DWORD /d 1 /f

)

ENDLOCAL

  This batch finds the Scalability Server name from the mapped SDLIBRARY$ and add it in the registry. Once registry key added on the machine, powershell script should be executed without warning message.


 Remark :

If the machine is moved to a new Scalability Server, the batch should be executed again in order to add the new Scalability Name in the local intranet site list.

A solution to avoid this is to adapt the batch in order to add all Scalability Servers name in the registry :

 

reg add "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\scala_name1" /v file /t REG_DWORD /d 1 /f

reg add "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\scala_name2" /v file /t REG_DWORD /d 1 /f

reg add "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\scala_name3" /v file /t REG_DWORD /d 1 /f

Attachments