Execution Policy problem

This topic contains 7 replies, has 3 voices, and was last updated by Profile photo of Dave Wyatt Dave Wyatt 10 months, 3 weeks ago.

  • Author
    Posts
  • #34041
    Profile photo of Steven Ayers
    Steven Ayers
    Participant

    I have a client who is getting the following message even though their Execution Policy is Unrestricted when they try to run a script!

    Execution Policy Change
    The execution policy helps protect you from scripts that you do not trust. Changing the execution policy might expose
    you to the security risks described in the about_Execution_Policies help topic at
    http://go.microsoft.com/fwlink/?LinkID=135170. Do you want to change the execution policy?
    [Y] Yes  [N] No  [S] Suspend  [?] Help (default is "Y"):
    
  • #34046
    Profile photo of Tim Pringle
    Tim Pringle
    Participant

    Hi Steven,

    Run PowerShell both in 64 bit admin mode (via SYSTEM32) and 32 bit admin mode (via SYSWOW64), and set the policy as you want it there. See if that corrects the problem.

  • #34048
    Profile photo of Dave Wyatt
    Dave Wyatt
    Moderator

    Does the script contain a call to Set-ExecutionPolicy? That particular message should only come up when someone runs that cmdlet, just just as a result of running the script.

  • #34049
    Profile photo of Steven Ayers
    Steven Ayers
    Participant

    It did contain a set-executiopolicy with a force parameter, however when I removed that line of code, it still showed up...

  • #34050
    Profile photo of Dave Wyatt
    Dave Wyatt
    Moderator

    That is very strange. Try this before running the script:

    Set-PSBreakpoint -Command Set-ExecutionPolicy
    

    Then run it again and see if the breakpoint triggers. If it does, you be able to find exactly where it's coming from.

  • #34052
    Profile photo of Steven Ayers
    Steven Ayers
    Participant

    I tried setting both execution policies to unrestricted – no luck.

    I added the breakpoint, it never hits it – the Execution Policy change thing pops up. I'm guessing it never hits the script code, rather the Execution Policy change is coming up BECAUSE you're running a script.

    Any ideas guys? Thanks for your help on this!

  • #34053
    Profile photo of Steven Ayers
    Steven Ayers
    Participant

    It may be worth mentioning, I am using "Run with PowerShell".

    When I run the script from an existing PS window, I don't have the same issue!

  • #34054
    Profile photo of Dave Wyatt
    Dave Wyatt
    Moderator

    There's your problem. Here's what the "Run with PowerShell" command is set to do, in the registry:

    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "-Command" "if((Get-ExecutionPolicy ) -ne 'AllSigned') { Set-ExecutionPolicy -Scope Process Bypass }; & '%1'"
    

    I suppose I can sort of see the thought process that went into this. They _could_ have just done "powershell.exe -ExecutionPolicy Bypass -File '%1'", but then, if you happened to have set the policy to AllSigned, you'd be ignoring the signature. So instead, they try to only bypass if you're not set to AllSigned. (Bit odd that this still skips RemoteSigned, though).

    They didn't use -Force on the call to Set-ExecutionPolicy, presumably because they don't want people running arbitrary scripts by mistake. Remember, ExecutionPolicy is set to 'Restricted' by default.

    Anyhow, this only affects scripts launched with that particular explorer shortcut. Shouldn't be a problem in any other circumstance.

You must be logged in to reply to this topic.