Security Bulletin: Configuration Change for Identity Manager Scripting Driver


Updated guidance has been provided regarding the PowerShell execution policy setting for the Identity Manager Scripting Driver. The updated configuration guidance is to set the execution policy to RemoteSigned.

Identity Manager (IDM)

Article Body
Security Change
The following is a recommendation for a configuration settings change to the Identity Manager Scripting Driver.

Supported Software Versions
This works on all versions of Identity Manager Scripting Driver.

It is recommended that the execution policy for the PowerShell module in the Windows Server on which the Identity Manager (IDM) Scripting Driver is running to be modified as follows:

  1. In the Windows Start Menu, search for PowerShell
  2. Right click Windows PowerShell and select "Run as Administrator"
    1. Note: This must be run as Administrator or with Administrator privileges.
    2. Instead of searching you can also find Windows PowerShell under the Windows PowerShell program group in the Start Menu
  3. Enter the following command: Set-ExecutionPolicy RemoteSigned
  4. You will be prompted to agree to the execution policy change. Select Y for Yes
  5. Type Exit and press Enter to close PowerShell

Here is a sample run of the steps noted above. Items in Yellow are user input:

Windows PowerShell
Copyright (C) 2016 Microsoft Corporation. All rights reserved.
PS C:\Users\Administrator> Set-ExecutionPolicy RemoteSignedExecution Policy Change
The execution policy helps protect you from scripts that you do not trust. Changing the execution policy might expose you to the security risks described in the about_Execution_Policies help topic at Do you want to change the execution policy?
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "N"): Y
PS C:\Users\Administrator> Exit

Additional Documentation

Security Bulletin Link

URL Name


Comment List