locked
Inconvenience of “Set-ExecutionPolicy RemoteSigned” command RRS feed

  • Question

  • Hi, I am using powershell to parse a comma separated file using the "import-csv" cmdlet.  A batch file calls the powershell script passing parameter of dates in file names to linearly search the csv file and extract information from lines in the csv file matching the date. 

    The problem is the inconvenience of having to execute the command “Set-ExecutionPolicy RemoteSigned” as I can't easily give my batch application to someone else who is not tech savvy and expect them to run this command. I am not doing anything that threatens security.  I am thinking I made the wrong choice of powershell and should have chosen to search csv file using bash.

    Sunday, November 4, 2018 2:40 AM

Answers

  • To clarify.  The RemoteSigned will work under some scenarios but bypass says to ignore policy no matter how it is set.  Any user can  bypass policy at a prompt and under the user credentials in the task scheduler if policy allows.

    Depending on the script ByPass or RemoteSigned may work for this user.  Try it.


    \_(ツ)_/


    Sunday, November 4, 2018 8:02 AM

All replies

  • That is the correct behavior for PowerShell.

    The execution policy commands ae not designed to be executed by everyone.  You run this command once per machine as an elevated administrator.  The command alters the registry and sets the policy.

    You can also set this with Group Policy which is the recommended method.

    Start by carefully reading the help for this command and also the PowerShell documentation on how PowerShell is designed to work and protect users.


    \_(ツ)_/

    Sunday, November 4, 2018 5:43 AM
  • why not write the command into your batch file then..

    @echo off
    Powershell.exe -executionpolicy remotesigned -File  C:\Users\me\Desktop\ps.ps1
    pause


    • Edited by Jon.Knight Sunday, November 4, 2018 7:46 AM
    • Proposed as answer by jrv Monday, November 5, 2018 1:49 AM
    Sunday, November 4, 2018 7:39 AM
  • why not write the command into your batch file then..

    @echo off
    Powershell.exe -executionpolicy remotesigned -File  C:\Users\me\Desktop\ps.ps1
    pause


    This serves no purpose and will not do  what the user asked.  Only an Admin can override the machine policy.

    Also the command you are thinking of is the following:

    powershell -executionpolicy nypass -File  C:\Users\me\Desktop\ps.ps1


    \_(ツ)_/

    Sunday, November 4, 2018 7:51 AM
  • To clarify.  The RemoteSigned will work under some scenarios but bypass says to ignore policy no matter how it is set.  Any user can  bypass policy at a prompt and under the user credentials in the task scheduler if policy allows.

    Depending on the script ByPass or RemoteSigned may work for this user.  Try it.


    \_(ツ)_/


    Sunday, November 4, 2018 8:02 AM
  • Both RemoteSigned and Bypass are working for me. I tried it on Windows 10 Professional and Home, and with Adminstrator and Standard users.

    I was not able to try setting the Group Policy as I don't think I have the tools to do that on a workstation.  If I understand correctly, setting Group Policy to Restricted cannot be overridden by this technique we have been discussing of setting executionpolicy when calling powershell on the command line.  Please correct if me if I am wrong. Thank you.

    Wednesday, November 7, 2018 8:11 AM