Bienvenido! - Willkommen! - Welcome!

Bitácora Técnica de Tux&Cía., Santa Cruz de la Sierra, BO
Bitácora Central: Tux&Cía.
Bitácora de Información Avanzada: Tux&Cía.-Información
May the source be with you!

Thursday, September 8, 2011

Windows PowerShell and GPO

Deploying with SCCM has nothing to do with UAC.  UAC only counts when you are logged into the machinelocally.
The script you are running is set of batch commands that can be executed by SCCM.  ALl of these commands can also be done using POwerShell remnotely which also does nnot require UAC elevation.
None of the scenarios you describe indicate that UAC is your problem.
If run under SCCM it will be silent. SCCM runs elevated always.
This is a process that only ever gets run once. Wy is it a problem to have to eleavter.  Just choose to right click runas.  Running silently locally would only be required if you were trying to make something happen that shouldn't happen.
Use the PowerSHell sIIS 7 shell to run all of those commands remotely or even WMI remotely assuming you ae an administrator.  Remote operations with the administrator account do  not trigger UAC.

Using PowerShell remotely:
As you may know, Windows PowerShell 2.0 introduced a new remoting feature, allowing for remote management of computers.
While this feature can be enabled manually (or scripted) with the PowerShell 2.0 cmdlet Enable-PSRemoting, I would recommend using Group Policy whenever possible. This guide will show you how this can be accomplished for Windows Vista, Windows Server 2008 and above. For Windows XP and Windows Server 2003, running Enable-PSRemoting in a PowerShell startup script would be the best approach.
Windows PowerShell 2.0 and WinRM 2.0 shipped with Windows 7 and Windows Server 2008 R2. To take advantage of Windows PowerShell Remoting, both of these are required on the downlevel operating systems Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008. Both Windows PowerShell 2.0 and WinRM 2.0 are available for download here, as part of the Windows Management Framework (Windows PowerShell 2.0, WinRM 2.0, and BITS 4.0). To deploy this update to downlevel operating systems I would recommend to use WSUS, which are described in detail in this blog post by Kurt Roggen.
Group Policy Configuration
Open the Group Policy Management Console from a domain-joined Windows 7 or Windows Server 2008 R2 computer.
Create or use an existing Group Policy Object, open it, and navigate to Computer Configuration->Policies->Administrative templates->Windows Components
Here you will find the available Group Policy settings for Windows PowerShell, WinRM and Windows Remote Shell:
To enable PowerShell Remoting, the only setting we need to configure are found under “WinRM Service”, named “Allow automatic configuration of listeners”:
More at link
Installing Roles and Features remotely on multiple computers simultaneously

No comments: