Microsoft Exchange 2016 Edge Transport Server STIG:
(in versions v2 r4 through v1 r1)
The Exchange local machine policy must require signed scripts. (Cat II impact)
Scripts, especially those downloaded from untrusted locations, often provide a way for attackers to infiltrate a system. By setting machine policy to prevent unauthorized script executions, unanticipated system impacts can be avoided.
Open the Exchange Management Shell and enter the following command: Get-ExecutionPolicy If the value returned is not "RemoteSigned", this is a finding.
Open the Exchange Management Shell and enter the following command: Set-ExecutionPolicy RemoteSigned
Rule ID: SV-221216r612603_rule
Vulnerability ID: V-221216
Group Title: SRG-APP-000131
The information system prevents the installation of organization-defined software components without verification the software component has been digitally signed using a certificate that is recognized and approved by the organization.