locked
Execution Policy Information RRS feed

  • Question

  • In order to run script ps1 files, one must change the execution policy to RemoteSigned.

    Is there any good (in-depth) information discussing the different execution policies and the risk thereof?

    Also, is there a way to restrict users from changing Execution Policy and blocking a user from changing it back with PS from the command line?

    Wednesday, January 15, 2014 4:23 PM

Answers

  • Read "Get-Help about_Execution_Policies" for all the details.

    You can set up the execution policy via Group Policy; if you do that, it cannot be overridden on the command line.

    • Proposed as answer by Mike Laughlin Wednesday, January 15, 2014 4:32 PM
    • Marked as answer by AnnaWY Thursday, January 23, 2014 6:08 AM
    Wednesday, January 15, 2014 4:25 PM
  • Hi,

    If you are using a Group Policy to define a PowerShell logon, logoff or computer script, that script will disregard any execution policy set locally or through a GPO. These scripts execute with a Bypass execution policy. The assumption is that you have created the script, know what it does and have taken precautions to secure it.

    Regards,

    Yan Li


    Regards, Yan Li

    • Marked as answer by AnnaWY Thursday, January 23, 2014 6:08 AM
    Thursday, January 16, 2014 5:50 AM

All replies

  • Read "Get-Help about_Execution_Policies" for all the details.

    You can set up the execution policy via Group Policy; if you do that, it cannot be overridden on the command line.

    • Proposed as answer by Mike Laughlin Wednesday, January 15, 2014 4:32 PM
    • Marked as answer by AnnaWY Thursday, January 23, 2014 6:08 AM
    Wednesday, January 15, 2014 4:25 PM
  • Thank you David.

    Is there a way to run a ps1 on a machine at login with a custom execution policy different than the one set by Group Policy (i.e. through Group Policy)?

    Wednesday, January 15, 2014 9:21 PM
  • Is there a way to run a ps1 on a machine at login with a custom execution policy different than the one set by Group Policy (i.e. through Group Policy)?

    Try Bypass, that might do the trick for you.

    Don't retire TechNet! - (Don't give up yet - 12,575+ strong and growing)


    Wednesday, January 15, 2014 9:50 PM
  • Hi,

    If you are using a Group Policy to define a PowerShell logon, logoff or computer script, that script will disregard any execution policy set locally or through a GPO. These scripts execute with a Bypass execution policy. The assumption is that you have created the script, know what it does and have taken precautions to secure it.

    Regards,

    Yan Li


    Regards, Yan Li

    • Marked as answer by AnnaWY Thursday, January 23, 2014 6:08 AM
    Thursday, January 16, 2014 5:50 AM