
05: How do PolicyPak Scripts Manager PowerShell Scripts behave when PowerShell is blocked or disabled using the following methods?

Scenario 1:  Blocking / Denying PowerShell with Least Privilege Manager

In PolicyPak version 2790 and lower, if you use the PolicyPak-provided block PowerShell guidance XML, PowerShell scripts will be blocked from running.

Result: PolicyPak Logs will show error messages similar to those below when PolicyPak attempts to run a PowerShell script.


 

TIP: PolicyPak Scripts and Triggers Manager logs can be found here on the endpoint(s):

  • %programdata%\PolicyPak\PolicyPak Scripts Manager
  • %localappdata%\PolicyPak\PolicyPak Scripts Manager


In PolicyPak version 2791 and higher, if you use the PolicyPak-provided block PowerShell guidance XML, PowerShell scripts will NOT be blocked from running unless you ENABLE the following PolicyPak ADMX setting.

“PolicyPak ADMX Settings > Client-Side Extensions > Least Privilege Manager > Block Processes created by PolicyPak Scripts Manager”



 

Scenario 2: PowerShell is disabled via a Software Restriction Policy (SRP) using Group Policy on the User Configuration side, as in the image below.

This scenario applies when you have a Software Restriction Policy in place that blocks PowerShell.

Result: Any PolicyPak Scripts & Triggers Manager policies will still be able to execute PowerShell Scripts successfully, and the PolicyPak Logs will show a successful run message similar to below when PolicyPak runs a PowerShell script.



TIP: PolicyPak Scripts and Triggers Manager logs can be found here on the endpoint(s):

  • %programdata%\PolicyPak\PolicyPak Scripts Manager
  • %localappdata%\PolicyPak\PolicyPak Scripts Manager
     

Scenario 3: PowerShell is disabled via a Software Restriction Policy (SRP) using Group Policy on the Computer Configuration side, as in the image below.

This scenario applies when you have a Software Restriction Policy in place that blocks PowerShell.

Result: Any PolicyPak Scripts & Triggers Manager policies that do not run as SYSTEM will be blocked from running, and the PolicyPak Logs for the user will show blocked-event messages similar to those below.


 

TIP: PolicyPak Scripts and Triggers Manager logs can be found here on the endpoint(s):

  • %programdata%\PolicyPak\PolicyPak Scripts Manager
  • %localappdata%\PolicyPak\PolicyPak Scripts Manager



Note: To confirm that the SRP policy is applied properly during testing, try running PowerShell manually from CMD as a standard user under either Scenario 2 or Scenario 3. If the SRP is applied properly, PowerShell will be blocked.
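
Because Scenario 2 and Scenario 3 differ only in which side of Group Policy carries the SRP rule, it helps to confirm where the rule actually landed on the endpoint. The following is an added example, not part of the original PolicyPak article: it lists SRP path rules that mention PowerShell from the Group Policy registry locations. It assumes the block is implemented as an SRP path rule (hash and certificate rules are not inspected) and that it is run by an account still allowed to start PowerShell; the HKCU results reflect only the account running it.

```powershell
# Added example: report Software Restriction Policy (SRP) path rules that
# mention PowerShell, separately for the Computer and User policy scopes.
# Assumption: the block is an SRP *path* rule; hash/certificate rules are skipped.

$base = 'SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$scopes = [ordered]@{
    'Computer Configuration (Scenario 3)' = "HKLM:\$base"
    'User Configuration (Scenario 2)'     = "HKCU:\$base"   # current account only
}
# SRP security level IDs, which appear as subkey names under CodeIdentifiers.
$levels = @{ '0' = 'Disallowed'; '131072' = 'Basic User'; '262144' = 'Unrestricted' }

function Get-SrpPowerShellRule {
    param([string]$Scope, [string]$Root)
    if (-not (Test-Path -LiteralPath $Root)) { return }   # no SRP in this scope
    foreach ($level in $levels.Keys) {
        $paths = Join-Path $Root "$level\Paths"
        if (-not (Test-Path -LiteralPath $paths)) { continue }
        # Each path rule is a GUID-named subkey; ItemData holds the path.
        foreach ($rule in Get-ChildItem -LiteralPath $paths) {
            $p = Get-ItemProperty -LiteralPath $rule.PSPath
            if ("$($p.ItemData)" -match 'powershell') {
                [pscustomobject]@{
                    Scope       = $Scope
                    Level       = $levels[$level]
                    Path        = $p.ItemData
                    Description = $p.Description
                }
            }
        }
    }
}

$found = foreach ($s in $scopes.GetEnumerator()) {
    Get-SrpPowerShellRule -Scope $s.Key -Root $s.Value
}
if ($found) { $found | Format-Table -AutoSize -Wrap }
else { 'No SRP path rule mentioning PowerShell found in either scope.' }
```

A `Disallowed` rule reported only under User Configuration corresponds to Scenario 2, where PolicyPak scripts still run; one under Computer Configuration corresponds to Scenario 3, where scripts not running as SYSTEM are blocked.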



  • 1146
  • 21-Jul-2021