Execution Policy problem

Welcome Forums General PowerShell Q&A Execution Policy problem

This topic contains 7 replies, has 3 voices, and was last updated by

 
Member
2 years, 9 months ago.

  • Author
    Posts
  • #34041

    Participant
    Points: 0
    Rank: Member

    I have a client who is getting the following message even though their Execution Policy is Unrestricted when they try to run a script!

    Execution Policy Change
    The execution policy helps protect you from scripts that you do not trust. Changing the execution policy might expose
    you to the security risks described in the about_Execution_Policies help topic at
    http://go.microsoft.com/fwlink/?LinkID=135170. Do you want to change the execution policy?
    [Y] Yes  [N] No   Suspend  [?] Help (default is "Y"):
    
  • #34046

    Participant
    Points: 5
    Published
    Rank: Member

    Hi Steven,

    Run PowerShell both in 64 bit admin mode (via SYSTEM32) and 32 bit admin mode (via SYSWOW64), and set the policy as you want it there. See if that corrects the problem.

  • #34048

    Member
    Points: 0
    Rank: Member

    Does the script contain a call to Set-ExecutionPolicy? That particular message should only come up when someone runs that cmdlet, just just as a result of running the script.

  • #34049

    Participant
    Points: 0
    Rank: Member

    It did contain a set-executiopolicy with a force parameter, however when I removed that line of code, it still showed up...

  • #34050

    Member
    Points: 0
    Rank: Member

    That is very strange. Try this before running the script:

    Set-PSBreakpoint -Command Set-ExecutionPolicy
    

    Then run it again and see if the breakpoint triggers. If it does, you be able to find exactly where it's coming from.

  • #34052

    Participant
    Points: 0
    Rank: Member

    I tried setting both execution policies to unrestricted – no luck.

    I added the breakpoint, it never hits it – the Execution Policy change thing pops up. I'm guessing it never hits the script code, rather the Execution Policy change is coming up BECAUSE you're running a script.

    Any ideas guys? Thanks for your help on this!

  • #34053

    Participant
    Points: 0
    Rank: Member

    It may be worth mentioning, I am using "Run with PowerShell".

    When I run the script from an existing PS window, I don't have the same issue!

  • #34054

    Member
    Points: 0
    Rank: Member

    There's your problem. Here's what the "Run with PowerShell" command is set to do, in the registry:

    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "-Command" "if((Get-ExecutionPolicy ) -ne 'AllSigned') { Set-ExecutionPolicy -Scope Process Bypass }; & '%1'"
    

    I suppose I can sort of see the thought process that went into this. They _could_ have just done "powershell.exe -ExecutionPolicy Bypass -File '%1'", but then, if you happened to have set the policy to AllSigned, you'd be ignoring the signature. So instead, they try to only bypass if you're not set to AllSigned. (Bit odd that this still skips RemoteSigned, though).

    They didn't use -Force on the call to Set-ExecutionPolicy, presumably because they don't want people running arbitrary scripts by mistake. Remember, ExecutionPolicy is set to 'Restricted' by default.

    Anyhow, this only affects scripts launched with that particular explorer shortcut. Shouldn't be a problem in any other circumstance.

The topic ‘Execution Policy problem’ is closed to new replies.