Managing execution policy in an Active Directory domain

Welcome Forums General PowerShell Q&A Managing execution policy in an Active Directory domain

Viewing 0 reply threads
  • Author
    Posts
    • #265451
      Participant
      Topics: 11
      Replies: 17
      Points: 28
      Rank: Member

      We use group policy to manage execution policies and set them to RemoteSigned. By default, this creates the following set of scope and policies:

      Scope ExecutionPolicy
      MachinePolicy RemoteSigned
      UserPolicy RemoteSigned
      Process Undefined
      CurrentUser Undefined
      LocalMachine RemoteSigned

      We have some automation that sets up runspaces programmatically and no provisions for overriding the policy exist. With the above, we get the expected error:

      Windows PowerShell updated your execution policy successfully, but the setting is overridden by a policy defined at a more specific scope. Due to the override, your shell will retain its current effective execution policy of RemoteSigned. Type “Get-ExecutionPolicy -List” to view your execution policy settings. For more information please see “Get-Help Set-ExecutionPolicy”.

      The scope we want is RemoteSigned, and the scripts do not have an alternate stream. I can’t find any definitive information on why this occurs except for some posts which say it results due to the variation in scope as process and user is undefined.

      How can this be configured so it works as expected when I cannot alter the process of the runspace?

Viewing 0 reply threads
  • You must be logged in to reply to this topic.