The Exchange local machine policy must require signed scripts.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-221216 | SRG-APP-000131 | EX16-ED-000150 | SV-221216r960954_rule | 2024-12-06 | 2 |
| Description |
|---|
| Scripts, especially those downloaded from untrusted locations, often provide a way for attackers to infiltrate a system. By setting machine policy to prevent unauthorized script executions, unanticipated system impacts can be avoided. |
| ℹ️ Check |
|---|
| Open the Exchange Management Shell and enter the following command: Get-ExecutionPolicy If the value returned is not "RemoteSigned", this is a finding. |
| ✔️ Fix |
|---|
| Open the Exchange Management Shell and enter the following command: Set-ExecutionPolicy RemoteSigned |