Using -executionpolicy bypass -file?

Home Forums PowerShell Q&A Using -executionpolicy bypass -file?

You must be registered and logged in to reply to this topic.

This topic contains 5 replies, has 3 voices, and was last updated by  Vern Anderson 9 months, 4 weeks ago.

  • #11218

    BustedFlush
    Participant

    I'm trying to run a script written by someone else off of a network share. I'm executing it from a command line with the syntax powershell -executionpolicy bypass -file \\server\share\script.ps1. I get an error that the file is not digitally signed.

    I'm confused as to why isn't it bypassing the executionpolicy?

  • #11220

    Dave Wyatt
    Moderator

    Run this command at a PowerShell console, and post the results:

    Get-ExecutionPolicy -List

    It's possible that execution policy is being assigned to you via Group Policy; if that's the case, you can't override it with the -ExecutionPolicy parameter. This is from the about_Execution_Policies help file:

    EXECUTION POLICY PRECEDENCE
    —————————
    When determining the effective execution policy for a
    session, Windows PowerShell evaluates the execution policies
    in the following precedence order:

    – Group Policy: Computer Configuration
    – Group Policy: User Configuration
    – Execution Policy: Process (or PowerShell.exe -ExecutionPolicy)
    – Execution Policy: CurrentUser
    – Execution Policy: LocalMachine

    #11223

    BustedFlush
    Participant

    Scope ExecutionPolicy
    —– —————
    MachinePolicy RemoteSigned
    UserPolicy Undefined
    Process Undefined
    CurrentUser Undefined
    LocalMachine RemoteSigned

    #11226

    BustedFlush
    Participant

    It gets stranger. I wrote a 1 liner 'Hello Word' script and saved it to my personal network share, and tried to run it on the same computer, using bypass -file; worked like a hero.

    I copied the exact same script to the network share of the script that won't run, and now the same script gives me the error that my script is not signed. Hurr?

    #11229

    Dave Wyatt
    Moderator

    Yep, you've got RemoteSigned coming from Group Policy. Unless you'll be allowed to change that, you'll need to sign any script that's run from a UNC path like that.

    #11265

    Vern Anderson
    Participant

    Network shares are considered remote not local. I have run into the same problem too. Even if it's a mapped drive letter it is still "remote"

You must be registered and logged in to reply to this topic.