While setting up a new workstation, which is meant to be outside company's domain, I ran the script Baseline-LocalInstall -Win11NonDomainJoined. After the script was done, I cannot turn the Remote Desktop Protocol function. The slider stays on 'off', no matter what I do (tried editing GPO as well as adding a couple of REG_DWORD's, and for the life of mine I cannot figure out what else to do. Has anyone, by any chance, encountered similiar issues? What I've noticed is that the RDP has turned of automatically while the following line was being returned in PowerShell:
Running LGPO.exe /v /g ..\GPOs\{2C3C079A-D4FB-47BD-BF32-DE883E9AF6C4} Applying GPO "MSFT Windows 11 - Domain Security"... Running LGPO.exe /v /g ..\GPOs\{091755B0-6C83-48E7-A77A-E89D0C2EAF27} Applying GPO "MSFT Windows 11 - User"... Running LGPO.exe /v /g ..\GPOs\{80A3C624-3A13-4302-89AD-62D667966E4B} Non-domain-joined: back out the local-account restrictions... Running LGPO.exe /v /s ConfigFiles\DeltaForNonDomainJoined.inf /t ConfigFiles\DeltaForNonDomainJoined.txt
Any help would be appreciated!
For the Reset function, I go to Settings > Updates and Security > Recovery > Reset this PC. So this is a choice that I make, and on that basis I want to choose for that system to run a script after the Reset - and we know that should be possible as we can create completely customised Windows installation ISOs that install apps and Features in a clean state, so can someone tell me how to do a quite simple things - to just get Windows to run a PowerShell script after that Reset?
Actually, I only want to run a couple of lines:
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections" -Value 0
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
i.e. This will enable RDP and allow me to connect remotely and continue the configuration without having to plug in a monitor and keyboard and mouse all just to run the above two commands. As per title, this is a non-Domain scenario so accessing the system as Domain Admin is not possible (and really a Domain should not be necessary, these are my systems on my local network).
The other reason that should make all of the above completely possible is that performing a Reset is not an absolute reset as it retains user information (my main user is still there with the password intact), so just enabling RDP would make everything possible post-Reset.
For reference, nothing in the following have helped me to achieve this goal so far:
Run a powershell script on a remote system with elevated permissions to enable remoting
https://interfacett.com/blogs/how-to-remotely-enable-and-disable-rdp-remote-desktop
The easiest way to do this is to download PStools from Microsoft and use psexec to give yourself remote access:
psexec \\machinename reg add hklm\system\currentcontrolset\control\terminal server /f /v fDenyTSConnections /t REG_DWORD /d 0
psexec \\machinename netsh firewall set service remoteadmin enable
psexec \\machinename netsh firewall set service remotedesktop enable
psexec will let you supply credentials with -u and -p
I get this error when I connect with RDP
This could be due to CredSSP encryption oracle remediation.
For more information, see https://go.microsoft.com/fwlink/?linkid=866660
How to solve it ?
Microsoft made this bad change but I will solve it for you :-)
Run cmd as Administrator (Search for cmd and right click with the mouse to choose RUN AS ADMINISTRATOR).
You can also use powershell admin.
Copy and paste this command to run it and rate my answer if succeed :-)
REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters\ /v AllowEncryptionOracle /t REG_DWORD /d 2
create a text file: rd_patch.reg
Paste following content, save and double-click it.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters]
"AllowEncryptionOracle"=dword:00000002
Solution from: https://serverfault.com/a/911645
I am in a windows console or powershell. (Windows7 x64 Pro, PowerShell 4)
When i try to type command like "cmd" i have an error message "The specified path is not valid"
PS D:\DevEnv\workspace\api-node> cmd
Microsoft Windows [version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All right reserved.
The specified path is not valid.
What i tryed after reading msdn articles but it don't solve the problem:
-delete my System variable PATH and try again
-clean my registry with ccleaner
Is there any "verbose" or "debug" mode in powershell or windows console to see what path is involved and where i can change it?
Is there any "verbose" or "debug" mode …? I don't think so; however, running next commands from an open cmd window could help to identify possible error source(s):
wmic process where "name='cmd.exe'" get Caption, CommandLine, ParentProcessId, ProcessId
2>NUL reg query "HKLM\Software\Microsoft\Command Processor" /V AutoRun
2>NUL reg query "HKCU\Software\Microsoft\Command Processor" /V AutoRun
In above output we are seeking for any commands which could be a source of The specified path is not valid error message.
wmic seems to be self-explaining;
both reg query show AutoRun registry values (if present), see cmd /?.
I have been attempting to run powershell as my terminal on windows in pycharm, so I did the following:
However, when I try this, it says that it cannot execute my scripts, and hence I get the following error: SecurityError and the Fully Qualified Id is : UnAuthorizedAccess.
This arises from the fact that pycharm's terminal cannot execute my Powershell_profile.ps1 profile file.
How can I successfully run Pycharm's terminal with Powershell?
What I have tried so far, is going into my main powershell directory as in %windir%/system32/WindowsPowerShell/1.0/profile.ps1, and then change it to include the following:
Set-ExecutionPolicy Unrestricted
However, this does not help, and I get the same error when I try to open of pycharm's terminal.
I have also tried to run pycharm as Admin, however this does not solve the problem either, and I get the same aforementioned error.
I've replaced cmd.exe with powershell.exe in a simpler way and hope it can help.
I'm using webstorm2017 and Win10 os.
1.Find the exact location of powershell.exe.In mine and I believe in most computers the location would be C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe.Copy the whole path into your clipboard.
2.In your IDE open File=>Setting=>Tools=>Terminal, and paste the path into "Shell path" blank.
3.Restart the IDE and everything would be ok.
Set-ExecutionPolicy Unrestricted -Scope CurrentUser
I updated the powershell.exe path in IntelliJ -> Settings -> Terminal
Opened a powershell instance in Admin mode.
Executed Set-ExecutionPolicy Unrestricted -Scope CurrentUser
Restarted IntelliJ and the issue was solved.
Step 3 is from ebelanger's answer.
Browse to the PowerShell executable, right-click, run as administrator.
From the prompt, use the same command you tried:
Set-ExecutionPolicy Unrestricted
Once that is done, close PowerShell, and attempt to use it again from your application.
Note:
You can't set the execution policy from a script, as the default execution policy prevents you from running scripts. (even if it's the profile script - still a script)
In PyCharm
File->Settings->Tools->Terminal
Shell path:
"powershell.exe -ExecutionPolicy Bypass"
Then restart PyCharm
In the Default Shell TextBox you can append the execution policy command line option like so:
powershell.exe -Executionpolicy Unrestricted
If you're running on Windows 8 x64 then running both the commands below may help. It worked for me.
Set-ExecutionPolicy Unrestricted
start-job { Set-ExecutionPolicy Unrestricted -Force } -RunAs32
Credit to a comment found here:
Powershell on Windows 7: Set-ExecutionPolicy for regular users
As mentioned in other answers, if after setting powershell.exe as your terimal in IntelliJ → Settings → Tools → Terminal → Shell path it throws UnAuthorizedAccess errors, normal way to solve this is to alter execution policy:
Set-ExecutionPolicy RemoteSigned -Scope CurrentUser
Note that Unrestricted level is the least secure of all, and you're usually can go with RemoteSigned in order to disable unsigned scripts downloaded from the web until you manually remove Internet or Intranet Zone.Identifier from them, usually with Unlock button in file properties.
However, you may run to an occasion when you're not able to change execution policy. Usually that's because of corporate security settings in Active Directory. In PowerShell, that corresponds to scopes MachinePolicy and UserPolicy. A primary symptom of this situation is the following message:
Set-ExecutionPolicy : Windows PowerShell updated your execution policy
successfully, but the setting is overridden by a policy defined at a
more specific scope. Due to the override, your shell will retain its
current effective execution policy of AllSigned. Type
"Get-ExecutionPolicy -List" to view your execution policy settings.
For more information please see "Get-Help Set-ExecutionPolicy".
You can't set execution policies at this scopes with PowerShell or gpedit.msc. Attempts to change this settings directly in registry is also ineffective: they're applied on restart or login, but at the same time they're being re-imported from Active Directory. However, while you won't be able to run arbitrary PowerShell scripts all around, for profiles and other local scripts that's only modified manually there's still a solution:
Run the following command in PowerShell to create ceritificate files root.pvk and root.cer - it will ask you to define and then confirm password to the certificate:
makecert -n "CN=PowerShell Local Certificate Root" -a sha1 -eku 1.3.6.1.5.5.7.3.3 -r -sv root.pvk root.cer -ss Root -sr localMachine
In the same folder, run the following command to import generated certificate files as your self-signed certificate - it will ask for the password you're defined above:
makecert -pe -n "CN=PowerShell User" -ss MY -a sha1 -eku 1.3.6.1.5.5.7.3.3 -iv root.pvk -ic root.cer
Sign your profile script with the following command:
Set-AuthenticodeSignature "[script path]" #(Get-ChildItem cert:\CurrentUser\My -codesign)[0]
When running a script signed with self-ceritificate for the first time, PowerShell will ask you about trusting the certificate like this:
The file [script path] is published by CN=PowerShell User. This publisher is not trusted on your system. Only run scripts from trusted publishers.
[V] Never run [D] Do not run [R] Run once [A] Always run [?] Help (default is "D")
Answer A to always run self-signed certificates.
Now your profile script won't cause any errors. However, note that signing a certificate adds a signature block in the end of your script containing its hash. If you're about to modify the script, remove that block and, after you're done with editing the script, sign it again by repeating step 3.
Specify the shell that will run by default. Here are some examples of different shells:
Bash: /bin/bash
Z shell: /bin/zsh
Bash for Windows: bash.exe
WSL: wsl.exe
PowerShell: powershell
Command Prompt: cmd.exe
Cygwin: "C:\cygwin\bin\bash.exe" --login -i
for more info: https://www.jetbrains.com/help/webstorm/settings-tools-terminal.html
As of this writing (2018-9-20), there is now a PowerShell plugin available here.
I have installed v1.1 in PyCharm v2018.2.3 (Professional), and it seems to work like a charm, no pun intended.
This plugin provides Intellisense-type support of PS1 scripts, as well as an integrated PowerShell terminal. In order to open the terminal, go to Tools > PowerShell Console...
There appears to be no need to muck about with any kinds of settings or permissions in order to get it to work. It Just Works.
You only need to write powershell in the Shell path input, just like in the image, also you can see jetBrains documentation and configure any shell you want.
powershell configuration
For WebStorm and PowerShell 6+ on Windows 10.
Just follow this screenshot and change the default cmd.exe to pwsh.exe from settings. Finally restart the ide. Done!