Now the issue of PowerShell ExecutionPolicy has come up. We'll be having a meeting with our security manager to discuss the subject, so I wanted to prepare by exploring our options.
I had been setting my target servers to RemoteSigned which seems to be sufficient for running PowerShell from Automic.
And just to see if it would work, I have also set my target servers to Restricted and proved that Automic can still run PowerShell commands on these servers provided I configure the agent like so;
ECPEXE=c:\windows\system32\windowspowershell\v1.0\powershell.exe -NonInteractive -ExecutionPolicy bypass
What I haven't tried is setting the target servers to AllSigned and figuring out how to configure Automic to support signing the powershell script before executing it. Has anyone else tried to do this this? I don't know what would be gained by choosing AllSigned, but I thought I should explore it anyway?