从 Azure ARM 模板 DSC 扩展中，模块无法导入，因为在此系统上禁用了运行脚本

我正在尝试从 ARM 模板在 Azure 中创建 Windows 10 VM，并使用 DSC 扩展对其进行配置以更改临时驱动器的盘符。

我发现模块 cMoveAzureTempDrive 可以轻松完成。 但是，当我在 Azure 中部署模板时，我收到一条错误消息，指出模块无法加载，因为系统上禁用了运行脚本：

{"code":"DeploymentFailed","message":"At least one resource deployment operation Failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"VMExtensionProvisioningError","message":"VM has reported a failure when processing extension 'Install'. Error message: \"DSC Configuration 'Install' completed with error(s). Following are the first few: Importing module cMoveAzureTempDrive Failed with error - File C:\\Program Files\\WindowsPowerShell\\Modules\\cMoveAzureTempDrive\\cMoveAzureTempDrive.psm1 cannot be loaded because running scripts is disabled on this system. For more information,see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170.\"\r\n\r\nMore information on troubleshooting is available at https://aka.ms/VMExtensionDSCWindowsTroubleshoot "}]}

我知道我可以从自定义脚本扩展启用脚本执行，但对我来说，如果不这样做就不能使用 DSC 模块，这似乎不是最佳选择。我对所有外部模块都有同样的问题。

您是否有能够使用 DSC 模块的解决方案？

这是我在 ARM 模板中的 DSC 扩展：

{
    "type": "Microsoft.Compute/virtualMachines/extensions","apiVersion": "2020-06-01","name": "[concat(parameters('vmName'),'/','Install')]","location": "[parameters('location')]","tags": "[parameters('resourceTags')]","dependsOn": [
        "[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'))]"
    ],"properties": {
        "publisher": "Microsoft.Powershell","type": "DSC","typeHandlerVersion": "2.9","autoUpgradeMinorVersion":true,"settings": {
            "wmfVersion": "latest","configuration": {
                "url": "[variables('DSCLocationURI')]","script": "Install.ps1","function": "Install"
            },"configurationArguments": {
            }
        },"protectedSettings": {
            "configurationUrlSasToken": "[parameters('storageAccountSASToken')]"
        }
    }
}

这是我的 DSC 代码：

{
   
    Import-DscResource -ModuleName 'PSDesiredStateConfiguration'
    Import-DscResource -ModuleName 'cAzureStorage'
    Import-DscResource -ModuleName 'cMoveAzureTempDrive'

    Node localhost
    {
        LocalConfigurationManager
        {
            ActionAfterReboot = 'ContinueConfiguration'
            RebootNodeIfNeeded = $true
        }

        cMoveAzureTempDrive cMoveAzureTempDrive
        {
            TempDriveLetter = 'T'
            Name = "MachineName"
        }
    }
}

解决方法

Configuration Security_Baseline_Windows_Client
{
  Import-DSCResource -ModuleName 'SecurityPolicyDSC'            # SecurityPolicyDSC is a Powershell Module for Security Settings  

  Import-DSCResource -ModuleName 'AuditPolicyDsc'               # AuditPolicyDsc is a Powershell Module for Advanced Audit Settings 

  Import-DscResource -ModuleName 'NetworkingDsc'                # NetworkingDsc is a Powershell Module for Firewall Settings 

  Import-DscResource -ModuleName 'PSDesiredStateConfiguration'  # PSDesiredStateConfiguration is a module that contains cmdlets that designed to work with DSC Resources.
  Node localhost
  {
    Script ExecutionPolicy
    {
        SetScript = {
            Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force
        }
        TestScript = { $false }
        GetScript  = { @{} }
    }