Initialize-TestEnvironment will fail if your box is a domain-joined machine #68

guitarrapc opened this Issue Jul 28, 2016 · 2 comments



guitarrapc commented Jul 28, 2016 edited


Initialize-TestEnvironment will fail to change the execution policy if the box is joined to a domain.


When you run it the way other DSC resources do, you will get a Security Error on L383.

# Initialize
[String] $moduleRoot = Split-Path -Parent (Split-Path -Parent (Split-Path -Parent $Script:MyInvocation.MyCommand.Path))
if ( (-not (Test-Path -Path (Join-Path -Path $moduleRoot -ChildPath 'DSCResource.Tests'))) -or `
     (-not (Test-Path -Path (Join-Path -Path $moduleRoot -ChildPath 'DSCResource.Tests\TestHelper.psm1'))) )
{
    # Test helper repository is missing: clone it
    & git @('clone','',(Join-Path -Path $moduleRoot -ChildPath '\DSCResource.Tests\'))
}
else
{
    # Test helper repository exists: update it
    & git @('-C',(Join-Path -Path $moduleRoot -ChildPath '\DSCResource.Tests\'),'pull')
}
Import-Module (Join-Path -Path $moduleRoot -ChildPath 'DSCResource.Tests\TestHelper.psm1') -Force
$TestEnvironment = Initialize-TestEnvironment -DSCModuleName $global:dscModuleName -DSCResourceName $global:dscResourceName -TestType Unit
Initializing Test Environment for Unit testing of Grani_CredentialManager in module GraniResource.
DSC Module Manifest 'GraniResource.psd1' detected in folder 'D:\Github\guitarrapc\GraniResource'.
[-] Error occurred in test script 'D:\Github\guitarrapc\GraniResource\Test\Grani_CredentialManager\Grani_CredentialManager.Tests.ps1' 1.29s
  Security error.
  at Initialize-TestEnvironment, D:\Github\guitarrapc\GraniResource\DSCResource.Tests\TestHelper.psm1: line 383


The issue happens when the machine is domain joined, or under any other condition that restricts changing the ExecutionPolicy. You can reproduce the error by running the following on a domain-joined box.

Set-ExecutionPolicy -ExecutionPolicy Unrestricted
Execution Policy Change
The execution policy helps protect you from scripts that you do not trust. Changing the execution policy might expose you to the security risks described in the
about_Execution_Policies help topic at Do you want to change the execution policy?
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "N"): y
Set-ExecutionPolicy : Windows PowerShell updated your execution policy successfully, but the setting is overridden by a policy defined at a more specific scope.  Due to the ove
rride, your shell will retain its current effective execution policy of Bypass. Type "Get-ExecutionPolicy -List" to view your execution policy settings. For more information pl
ease see "Get-Help Set-ExecutionPolicy".
At line:1 char:1
+ Set-ExecutionPolicy -ExecutionPolicy Unrestricted
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (:) [Set-ExecutionPolicy], SecurityException
    + FullyQualifiedErrorId : ExecutionPolicyOverride,Microsoft.PowerShell.Commands.SetExecutionPolicyCommand

Proposed fix

You can avoid the issue by changing the execution policy for the current process only. As this function aims to remove any side effects of the test, I propose that limiting the change to the current process is much better.

Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope Process -Force
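
The scope-limited change proposed above, written out as an added example that is not part of the original issue or of DSCResource.Tests. The helper name `Set-TestExecutionPolicy` and the shape of its result object are hypothetical; it reports Group Policy scopes instead of attempting a change that would be overridden, writes only the Process scope, and leaves the caller to restore it after the tests.

```powershell
# Hypothetical helper (added example, not code from DSCResource.Tests).
function Set-TestExecutionPolicy {
    [CmdletBinding()]
    param(
        [Microsoft.PowerShell.ExecutionPolicy] $Policy = 'Unrestricted'
    )

    $previous = Get-ExecutionPolicy -Scope Process

    # MachinePolicy and UserPolicy are set by Group Policy and outrank every
    # scope Set-ExecutionPolicy can write, so report them and change nothing.
    $gpo = Get-ExecutionPolicy -List | Where-Object {
        "$($_.Scope)" -in 'MachinePolicy', 'UserPolicy' -and
        "$($_.ExecutionPolicy)" -ne 'Undefined'
    }

    $changed = $false
    $reason  = $null
    if ($gpo) {
        $reason = "Group Policy scope(s) set: $(($gpo | ForEach-Object { $_.Scope }) -join ', ')"
    }
    else {
        try {
            Set-ExecutionPolicy -ExecutionPolicy $Policy -Scope Process -Force -ErrorAction Stop
            $changed = $true
        }
        catch {
            # Same FullyQualifiedErrorId as in the error shown in this issue.
            if ($_.FullyQualifiedErrorId -notlike 'ExecutionPolicyOverride*') { throw }
            $reason = $_.Exception.Message
        }
    }

    [pscustomobject]@{
        Changed   = $changed
        Previous  = $previous
        Effective = Get-ExecutionPolicy
        Reason    = $reason
    }
}

# Usage in a test script: change the Process scope, run the tests, restore it.
$state = Set-TestExecutionPolicy -Policy Unrestricted
if (-not $state.Changed) { Write-Warning "Policy left at $($state.Effective): $($state.Reason)" }
try {
    # ... test body (for example Invoke-Pester) goes here ...
}
finally {
    if ($state.Changed) { Set-ExecutionPolicy -ExecutionPolicy $state.Previous -Scope Process -Force }
}
```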

PlagueHO commented Aug 2, 2016

@guitarrapc - good catch! Your solution looks like it would work.

Does this work OK for both Unit tests and Integration tests?
Can anyone else think of a reason not to make this change?

Do you want to submit a PR for this?

guitarrapc commented Aug 2, 2016 edited

@PlagueHO It was encountered in my resource testing, and the Pester tests go green with my resolution.

I doubt there is any reason against this, but I couldn't imagine one at all 😕

@kwirkykat kwirkykat added the bug label Aug 3, 2016