Universal Dashboard as a Windows service - ExecutionPolicy

I have a working UD I want to run as a service on a Windows server.
It was correctly installed with Publish-UDDashboard but refuses to start.
The Eventviewer shows the following:

Error starting dashboard:
Windows PowerShell updated your execution policy successfully, but the setting is overridden by a policy defined at a more specific scope. Due to the override, your shell will retain its current effective execution policy of RemoteSigned. Type “Get-ExecutionPolicy -List” to view your execution policy settings. For more information please see “Get-Help Set-ExecutionPolicy”.
at , : line 1

Our servers are centrally managed and don’t allow to change the ExecutionPolicy on server level.
Can I start the Dashboard service in another way?

Looks like you would have to sign your powershell script so your server can run it.

RemoteSigned All remote scripts (UNC) or downloaded need to be signed.

Since the scripts are local to the server they don’t need to be signed.
I have the impression that UniversalDashboard.Server.exe tries to change the ExecutionPolicy which throws an error, probably even before opening the script.

It does set the execution policy. I would suggest raising a GitHub issue for this. We can add a config option to prevent it from doing that.

Thanks, will do.
In the meantime I’ll build a version myself.

I installed the nightly build because I saw you solved issue #1295.

After modifying the following line in Publish-UDDashboard (UniversalDashboardServer.psm1) :

sc.exe create UniversalDashboard DisplayName= "PowerShell Universal Dashboard" binPath= "$binPath --run-as-service --dont-set-execution-policy" start= "$ServiceStart"

I could start my dashboard as a service without errors.

Thank you a lot, Alan.

Awesome. I’ll add a parameter to publish-uddashboard to be able to set that command line arg.

I attempted to upgrade to start using v2.7 and I am seeing the same error when running under IIS. As Publish-UDDashboard is not coming into play, is there some way to disable Execution Policy change this when running just Start-UDDashboard with an object created by New-UDDashboard under IIS? v2.4.1 is my current version and I see no such error.

Not done this myself but have you done as @RudySchockaert-Engie has done?

I have not, but I am not running UD as a service, I am running it under IIS. My dashboard.ps1 called by the web.config is running Start-UDDashboard, does that in turn call Publish-UDDashboard which looks to run sc.exe to create a separate service?

I think in the IIS web.config you’ll be able to set the --dont-set-execution-policy for the UniversalDashboard.Server.exe process.

That worked, thank you!

Although now it seems that AD Claims based auth is broken with v2.7 as none of my pages work unless I remove the -AuthorizationPolicy option. They were all working with 2.4.1 and nothing changed other than the UD Module version. Has anything changed with Claims based Auth from 2.4.1 to 2.7 that would explain this? I see in the release notes that it should be reading all policies and cachine, but not sure why it would fail to read valid policies?

When I run the $ClaimsPrincipal.HasClaim() from the Design Terminal in v2.7, it evaluates to TRUE, but in the Debug Log I see “No valid authorization policies for session.” If I roll back to 2.4.1 it starts working again.

Replace $ClaimsPrincipal with $User and it will work.

Thank you, that works. Strange, I thought of that but when I tried $User.HasClaim() from within the Terminal on 2.7 I got an error as it was interpreting $User as a string so I did not try it in code. Anyway, thanks!

Its a bug that was introduced in 2.7, should be fixed once 2.8 drops.