CCE-33182-7Platform: cpe:/o:microsoft:windows_8.1 | Date: (C)2015-10-14 (M)2023-07-04 |
Run Windows PowerShell scripts first at user logon, logoff
This policy setting determines whether Windows PowerShell scripts will run before non-PowerShell scripts during user logon and logoff. By default, PowerShell scripts run after non-PowerShell scripts.
If you enable this policy setting, within each applicable Group Policy object (GPO), PowerShell scripts will run before non-PowerShell scripts during user logon and logoff.
For example, assume the following scenario:
There are three GPOs (GPO A, GPO B, and GPO C). This policy setting is enabled in GPO A.
GPO B and GPO C include the following user logon scripts:
GPO B: B.cmd, B.ps1
GPO C: C.cmd, C.ps1
Assume also that there are two users, Qin Hong and Tamara Johnston.
For Qin, GPOs A, B, and C are applied. Therefore, the scripts for GPOs B and C run in the following order for Qin:
Within GPO B: B.ps1, B.cmd
Within GPO C: C.ps1, C.cmd
For Tamara, GPOs B and C are applied, but not GPO A. Therefore, the scripts for GPOs B and C run in the following order for Tamara:
Within GPO B: B.cmd, B.ps1
Within GPO C: C.cmd, C.ps1
Note: This policy setting determines the order in which user logon and logoff scripts are run within all applicable GPOs. You can override this policy setting for specific script types within a specific GPO by configuring the following policy settings for the GPO:
User ConfigurationPoliciesWindows SettingsScripts (Logon/Logoff)Logon
User ConfigurationPoliciesWindows SettingsScripts (Logon/Logoff)Logoff
This setting appears in the Computer Configuration and User Configuration folders. The setting set in Computer Configuration takes precedence over the setting set in User Configuration.
Parameter:
[enable/disable]
Technical Mechanism:
(1) GPO: Computer ConfigurationAdministrative TemplatesSystemScripts!Run Windows PowerShell scripts first at user logon, logoff
(2) REG: HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem!RunUserPSScriptsFirst
CCSS Severity: | CCSS Metrics: |
CCSS Score : 5.3 | Attack Vector: LOCAL |
Exploit Score: 1.8 | Attack Complexity: LOW |
Impact Score: 3.4 | Privileges Required: LOW |
Severity: MEDIUM | User Interaction: NONE |
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | Scope: UNCHANGED |
| Confidentiality: LOW |
| Integrity: LOW |
| Availability: LOW |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:28744 |