none
GPO for 64 bit PowerShell execution policy

    Question

  • Configuring the execution policy via group policy under :

    Computer Configuration > Policies > Administrative Templates >Windows Components > Windows PowerShell

    "Turn on Script Execution" and set it to allow only signed scripts. 

    Then run gpupdate /force on target machine

    I can see the policy updates my execution policy on windows powershell (x86) but it does not apply to windows powershell. 

    Anyone have any idea what I'm missing or know how to resolve?

    Additionally, I am able to push out a reg key to update the localmachine scoped policy but i need to update the machinepolicy scope. You can see these by running: Get-ExecutionPolicy -List

    Monday, December 12, 2016 5:27 PM

All replies

  • Hi,

    For Windows 7, Windows 8, Windows Server 2008 R2 or Windows Server 2012, there is an x64 and x86 version of PowerShell both of which have to have their execution policies set.  We should set the execution policy in both hosts.

    Running as administrator, you can set the execution policy by typing this into your PowerShell window:

    Set-ExecutionPolicy RemoteSigned

    In our case, please try to run C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ powershell.exe as Administrator, then Set-ExecutionPolicy RemoteSigned.

    Or powershell -ExecutionPolicy ByPass -File script.ps1 for temporary bypass method.

    More information here:

    Using the Set-ExecutionPolicy Cmdlet

    https://technet.microsoft.com/en-us/library/ee176961.aspx

    Best Regards,

    Alvin Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, December 13, 2016 7:07 AM
    Moderator
  • Thank you but I need to set the execution policy through group policy.
    Tuesday, December 13, 2016 3:59 PM
  • Hi,

    Below steps may be helpful to you:

    1.Open Group Policy Management Editor

    2.Browse to Computer Configuration> Preferences>Windows Settings> Registry

    3.Right click and create a new registry item:

    Action: Update

    Hive: HKEY_LOCAL_MACHINE

    Key Path: SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell

    Value name: ExecutionPolicy

    Value type: REG_SZ

    Value data: RemoteSigned

    4.Now create a second registry item that will cover 32-bit Powershell on 64-bit machines:

    Action: Update

    Hive: HKEY_LOCAL_MACHINE

    Key Path: SOFTWARE\Wow6432Node\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell

    Value name: ExecutionPolicy

    Value type: REG_SZ

    Value data: RemoteSigned

    On the "Common" tab…

    a. Check Item-level targeting

    b. Press the "Targeting" button

    c. Create a new "Environment Variable" item

    d. Name: PROCESSOR_ARCHITECTURE

    e. Value: AMD64

    5.Verify that only the local settings are being applied and that the preference will reset the value if a user changes it.

    Best Regards,

    Alvin Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, December 14, 2016 2:25 AM
    Moderator
  • Hi,

    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

    Best Regards,

    Alvin Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, December 16, 2016 4:49 AM
    Moderator
  • Can you elaborate on step 5, is this a setting under the registry item?
    Friday, December 16, 2016 6:00 PM
  • Hi,

    Check the link below:

    Navigating the Registry

    https://technet.microsoft.com/en-us/library/bb648598(v=vs.85).aspx

    Best Regards,

    Alvin Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, December 19, 2016 6:30 AM
    Moderator
  • Hi,

    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

    Best Regards,

    Alvin Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, December 22, 2016 6:35 AM
    Moderator