From 3074ede8a34bf2fd4b18e22581ebad95f9a5c2e6 Mon Sep 17 00:00:00 2001 From: Jean-Pierre Matsumoto Date: Mon, 4 Jan 2021 21:41:54 +0100 Subject: [PATCH] ExecutionPolicy default value is RemoteSigned (#72993) * ExecutionPolicy default value is RemoteSigned ##### SUMMARY In Windows setup steps, settings `ExecutionPolicy` is restored to value `Restricted`. But actually default value for Windows server is not `Restricted` but `RemoteSigned` ([source](https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_execution_policies?view=powershell-7.1#default)). I have got issue with `win_dsc` because `ExecutionPolicy` was `Restricted`. ##### ISSUE TYPE - Docs Pull Request +label: docsite_pr * Add changelog fragment * Apply suggestions from code review Co-authored-by: Sandra McCann --- changelogs/fragments/72993-ansible-doc-has_action.yml | 2 ++ docs/docsite/rst/user_guide/windows_setup.rst | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) create mode 100644 changelogs/fragments/72993-ansible-doc-has_action.yml diff --git a/changelogs/fragments/72993-ansible-doc-has_action.yml b/changelogs/fragments/72993-ansible-doc-has_action.yml new file mode 100644 index 00000000000..87746c7816a --- /dev/null +++ b/changelogs/fragments/72993-ansible-doc-has_action.yml @@ -0,0 +1,2 @@ +minor_changes: +- "ansible-doc - In Windows setup steps, ``ExecutionPolicy`` should be restored to default value ``RemoteSigned`` (https://github.com/ansible/ansible/pull/72993)." diff --git a/docs/docsite/rst/user_guide/windows_setup.rst b/docs/docsite/rst/user_guide/windows_setup.rst index 910fa06fc93..c599e4c916d 100644 --- a/docs/docsite/rst/user_guide/windows_setup.rst +++ b/docs/docsite/rst/user_guide/windows_setup.rst @@ -49,13 +49,13 @@ This is an example of how to run this script from PowerShell: &$file -Version 5.1 -Username $username -Password $password -Verbose Once completed, you will need to remove auto logon -and set the execution policy back to the default of ``Restricted``. You can +and set the execution policy back to the default (``Restricted `` for Windows clients, or ``RemoteSigned`` for Windows servers). You can do this with the following PowerShell commands: .. code-block:: powershell # This isn't needed but is a good security practice to complete - Set-ExecutionPolicy -ExecutionPolicy Restricted -Force + Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force $reg_winlogon_path = "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" Set-ItemProperty -Path $reg_winlogon_path -Name AutoAdminLogon -Value 0