ComputerManagementDsc
ComputerManagementDsc copied to clipboard
dsccommunity
Computer: Error: MSFT_Computer.psm1 is not digitally signed
Details of the scenario you tried and the problem that is occurring
Currently I'm using an ARM Template to create new Windows 10 virtual machines in Azure and added the PowerShell DSC extensio so that I can configure the newly created Windows 10 machine properly. This configuration requires to join the computer to the domain.
The compilation of the DSC configuration fails with the following error:
[2018-11-14 11:18:36Z] [ERROR] Importing module MSFT_Computer failed with error - File C:\Program Files\WindowsPowerShell\Modules\ComputerManagementDsc\DscResources\MSFT_Computer\MSFT_Computer.psm1 cannot be loaded. The file C:\Program Files\WindowsPowerShell\Modules\ComputerManagementDsc\DscResources\MSFT_Computer\MSFT_Computer.psm1 is not digitally signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy, see about_Execution_Policies at https:/go.microsoft.com/fwlink/?LinkID=135170.
Verbose logs showing the problem
Suggested solution to the issue
The DSC configuration that is used to reproduce the issue (as detailed as possible)
Computer DomainJoin
{
Name = $env:ComputerName
DomainName = $domainName
Credential = $AdminCredential
}
The operating system the target node is running
OsName : Microsoft Windows 10 Enterprise N OsOperatingSystemSKU : WindowsEnterprise OsArchitecture : 64-bit WindowsVersion : 1709 WindowsBuildLabEx : 16299.637.amd64fre.rs3_release_svc.180808-1748 OsLanguage : en-US OsMuiLanguages : {en-US}
Version and build of PowerShell the target node is running
Name Value
PSVersion 5.1.16299.666 PSEdition Desktop PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...} BuildVersion 10.0.16299.666 CLRVersion 4.0.30319.42000 WSManStackVersion 3.0 PSRemotingProtocolVersion 2.3 SerializationVersion 1.1.0.1
Version of the DSC module that was used ('dev' if using current dev branch)
2.22.0.0
This issue has been automatically marked as stale because it has not had activity from the community in the last 30 days. It will be closed if no further activity occurs within 10 days. If the issue is labelled with any of the work labels (e.g bug, enhancement, documentation, or tests) then the issue will not auto-close.
![stale[bot] avatar](https://avatars.githubusercontent.com/in/1724?v=4 "Published by a pub.dev verified publisher"){kind=small}
Hi @andikrueger - this is because the default script execution policy for Windows 10 in Azure is 'Remote Signed'. This prevents downloaded resource modules from running on the VM.
Unfortunately the DSC resource kit modules are not digitally signed when released.
Therefore the solution to this is to change the execution policy to 'unrestricted' on the VM before the DSC extension applies. You might be able to do this by using a script resource on the VM to ensure this occurs before the DSC extension.
You'd need to run:
Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope LocalMachine
I'd also suggest raising this issue over in the PowerShell DscResources repo: https://github.com/PowerShell/DscResources as this is a general issue that might be also able to be addressed by changes to the Azure DSC Extension. I can then tag the appropriate people from the DSC team in the issue to get them to look at it.
@PlagueHO thank you so much for the feedback. I already use a custom script extension to set the ExecutionPolicy. Honestly, I do not like the fact, that I will have to change a security feature to join a computer to a domain.
I will raise this issue at the DscResources Repo.
I agree. The Azure DSC extension should ensure this is set up correctly. I think it is fine in Azure Windows Server 2012/2016/2019 VMs, but this might be something to do with being a desktop OS. However it could also be to do with PowerShell Constrained Language Mode being enabled on the Windows 10 VM (I've really not done too much digging on this and so it is just a guess).
I'll continue to try and help over at the DscResources repo.