Workaround to Install Windows PowerShell on EFS Disabled Vista

»»»Workaround to Install Windows PowerShell on EFS Disabled Vista
When you try to install Windows PowerShell 1.0 in Windows Vista which has EFS (Encrypting File System) disabled or turned off, you may encounter an error message prompted in “Windows Update Standalone Installer” dialog box:

Installer encountered an error: 0x8007177f .
This machine is disabled for file encryption.

The application failure to install because Windows PowerShell installer which is delivered as an update to Vista needs file encryption support provided by EFS on NTFS file system. Thus a simple workaround to get Windows PowerShell to install on Vista is by enable or turn on EFS for a short period for installation to take place, and disable or turn off again the EFS once installation done. This workaround does not affect the features and functionality of PowerShell in Vista.

To enable EFS, press Windows-R and then type gpedit.msc in the Open text box. Confirm any User Account Control warning message. In Group Policy Object Editor, browse to Computer Configuration -> Windows Settings -> Security Settings -> Public Key Policies -> Encrypting File System. Right-click on Encrypting File System, and select Properties on the right click menu. Finally, set the EFS state (File encrypting using Encrypting File System) to “Allow”. Click OK when done.

To verify that the above worked, press Windows-R and then type in rsop.msc in the Open text box, and hit Enter to start it. Browse to the same path as above, and verify the setting.

If your computer is joined to a domain, and domain administrator has disabled EFS via GPO, then it’s impossible to enable EPS locally. In this case, you will have to unjoin and depart from the domain, enable EFS to complete the PowerShell install, and then rejoin the domain again.

To unjoin from a domain, you need to be local administrator. Then go to Control Panel -> System and Maintenance -> System. Under the section of Computer names, domain and workgroup settings, click on Change settings. Confirm UAC request. On System Properties window, click on Change button. Then set your computer as a member of workgroup with any name i.e. workgroup.

By |2016-12-09T08:40:01+00:00December 9th, 2016|Categories: Enterprise Solutions|Tags: , , |2 Comments

About the Author:

LK is a technology writer for Tech Journey with background of system and network administrator. He has be documenting his experiences in digital and technology world for over 15 years.Connect with LK through Tech Journey on Facebook, Twitter or Google+.