Configure PowerShell Execution policy in Active Directory
Note: If you are using TA-Windows version 6.0.0 or later then you don't need TA_AD and TA_DNS, as they are merged with TA-Windows. To configure TA-Windows v6.0.0, Please refer to Deploy and configure the Splunk Add-on for Windows version 6.0.0 or later.
Enable local PowerShell script execution
The Splunk Add-ons for Microsoft Exchange, Microsoft Active Directory, and Windows DNS contain PowerShell scripts that run on the AD (domain controllers and DNS) and Exchange hosts in your Exchange Server environment. You must configure the domain controllers to allow local execution of PowerShell scripts so that they can run.
All versions of Windows Server after Windows Server 2008 SP2 have PowerShell 2.0 installed by default. All versions of Windows Server 2012 have PowerShell 3.0 installed by default. You might need to install Windows Management Framework on Windows Server 2003 family computers.
Download Windows Management Framework
- If required, download Windows Management Framework (http://support.microsoft.com/kb/968929) from Microsoft's Support site and install it.
- If required, download the Administrative Templates (.admx) for your version of Microsoft Windows from the [Microsoft Download Center https://www.microsoft.com/en-us/download/], then copy
PowerShellExecutionPolicy.admxfile into your Administrative Templates folder (default location is
Note: All versions of Windows Server 2008 (except Core) and later have the required templates for PowerShell installed.
Create a GPO to change Active Directory PowerShell execution policy
- Create a new Active Directory GPO:
- Open the GPO for editing.
- In the GPO editor, select Computer Configuration > Policies > Administrative Templates > Windows Components > Windows PowerShell.
- Right-click "Turn on script execution", then select "Edit".
- In the window that appears, click the "Enabled" radio button.
- In the "Execution Policy" drop-down, select Allow local scripts and remote signed scripts.
- Click "OK" to accept the changes.
- Close the Group Policy Object editor to save your changes.
- Deploy the GPO.
Monitor GPO updates to the domain
After you have deployed the GPOs, it can take up to 120 minutes before Active Directory applies the GPOs to the domain. If you want to deploy the GPOs faster, you must run the
GPUPDATE /force command on every computer upon which you want to update Group Policy.
Download and configure the Splunk Add-ons for Microsoft Active Directory
Configure Active Directory audit policy
Download and configure the Splunk Add-on for Microsoft Active Directory
This documentation applies to the following versions of Splunk® App for Microsoft Exchange (EOL): 4.0.4
Feedback submitted, thanks!