I'm in the process of designing a "Corporate PowerShell Framework" for my company which will outline and define our corporate policies surrounding PowerShell as well as best scripting practices and so on. I see this policy as covering the following 3 aspects with regard to security policies:
1. Execution Policy
2. WinRM
3. Script Signing
When I look at this from an administrator's view, I want RemoteSigned, to open up WinRM on all servers and client machines, and to never sign a script. The reason for this is that, well, it simply makes my job easier. However, looking at it from a security/manager's viewpoint, all sorts of questions can arise, and their gut reaction is to set AllSigned, turn off WinRM on all servers/clients, and have every internal/external script signed.
I've done some research on each of these areas and I know that execution...