Signed scripts in SCOM.

Vitaliy Ershov 0 Reputation points
2024-06-03T09:37:23.0533333+00:00

Hello everyone.

I have SCOM 2016. On the servers for PowerShell scripts, the Execution Policy is set to All Signed.

As I see it, SCOM sometimes creates temporary PowerShell scripts for checks itself, but they are not executed because they do not have a digital signature.

How do I configure SCOM to be able to run scripts while saving the Execution Policy to All Signed?

Below is the error log:

Event Description: Error Message = File C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 28441\113067\Microsoft.Windows.Server.TopCPUUsage.ps1 cannot be loaded. The file C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 28441\113067\Microsoft.Windows.Server.TopCPUUsage.ps1 is not digitally signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy, see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170.

Operations Manager
Operations Manager
A family of System Center products that provide infrastructure monitoring, help ensure the predictable performance and availability of vital applications, and offer comprehensive monitoring for datacenters and cloud, both private and public.
1,440 questions
Microsoft System Center
Microsoft System Center
A suite of Microsoft systems management products that offer solutions for managing datacenter resources, private clouds, and client devices.
893 questions
PowerShell
PowerShell
A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
2,270 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. XinGuo-MSFT 15,781 Reputation points
    2024-06-04T07:35:35.5266667+00:00

    Hi,

    Microsoft.Windows.Server.TopCPUUsage.ps1 is not digitally signed. You cannot run this script on the current system.

    Based on the error message, I recommend you change the Execution Policy to RemoteSigned.

    • RemoteSigned We can run the script on local computer, but any scripts and configuration files from the internet must be signed by a trusted publisher.