0

When I run any script from a .ps1 file on my server I receive an error about the Set-ExcutionPolicy being successful but being overridden by a higher scope. However none of the code I am running has anything to do with execution policies or changing them. Any Idea why I'm getting this error?

This is on a Windows 2012 R2 server where execution policy for all levels is set to remote signed. I'm running on PowerShell V4.0

If I open PowerShell or the ISE and type in the command it completes without showing the error it only occurs when I try and run a script from a .ps1 file.

This is the error:

Set-ExecutionPolicy : Windows PowerShell updated your execution policy
successfully, but the setting is overridden by a policy defined at a more
specific scope.  Due to the override, your shell will retain its current
effective execution policy of RemoteSigned. Type "Get-ExecutionPolicy -List"
to view your execution policy settings. For more information please see
"Get-Help Set-ExecutionPolicy".
At line:1 char:46
+ if((Get-ExecutionPolicy ) -ne 'AllSigned') { Set-ExecutionPolicy -Scope Process  ...
+                                              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (:) [Set-ExecutionPolicy], SecurityException
    + FullyQualifiedErrorId : ExecutionPolicyOverride,Microsoft.PowerShell.Commands.SetExecutionPolicyCommand
Ansgar Wiechers
  • 193,178
  • 25
  • 254
  • 328
Tourius
  • 31
  • 1
  • 9
  • It occurs when I run any powershell saved script. It can be as simply as get-services it still shows the error. I can't share many details as this is a work server. – Tourius Dec 13 '18 at 13:44
  • Show the actual error. It is likely that you've got some group policy object, or other restrictions in place, from an enterprise security perspective. – gravity Dec 13 '18 at 15:13
  • 1
    [Related](https://stackoverflow.com/a/27755459/1630171). – Ansgar Wiechers Dec 13 '18 at 18:11
  • Besides, what do you mean *"none of the code I am running has anything to do with execution policies or changing them"* when the error clearly shows you're running `Set-ExecutionPolicy` (or at least trying to)? – Ansgar Wiechers Dec 13 '18 at 18:16
  • have you looked into ALL of your various profiles? the one used for running scripts is likely the console profile ... and it may have a script in it that creates the error you show. – Lee_Dailey Dec 13 '18 at 19:05
  • You probably have a GPO that set the executionPolicy – Bonneau21 Dec 13 '18 at 21:18
  • @AnsgarWiechers - This is why I'm asking the question. I'm seeing this error when I run a saved script that contains a code as simple as 1 line saying {get-services}. Also the related post isn't related to my issue. I understand how to set my execution policy and the way scope works I'm confused as to why I see this error when I'm not trying to change the policy at all. – Tourius Dec 14 '18 at 09:49
  • @Lee_Dailey Thanks I will have a look at the Profile running the script – Tourius Dec 14 '18 at 09:51
  • @FrédéricBonneau. I know that we have a GPO that sets the execution policy at the highest two scopes. I'm just wondering why me running a script is making it think I want to change this. – Tourius Dec 14 '18 at 09:51
  • Do you get the same error if you launch `powershell.exe -NoProfile -NoExit` from CMD or the Run dialog and then run a script in that instance? – Ansgar Wiechers Dec 14 '18 at 09:55
  • No I don't see the error if I run it from a CMD instance. – Tourius Dec 14 '18 at 10:07
  • @Tourius - if running it with `-NoProfile` avoids the error ... then the source is almost certainly in the profile being used by `powershell.exe`. time to start digging thru those files! [*grin*] – Lee_Dailey Dec 14 '18 at 10:18

1 Answers1

0

The "Run with PowerShell" context menu entry for .ps1 files invokes the following commandline:

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "-Command" "if((Get-ExecutionPolicy ) -ne 'AllSigned') { Set-ExecutionPolicy -Scope Process Bypass }; & '%1'"

It's stored in the registry key HKCU\Microsoft.PowerShellScript.1\Shell\0\Command. Since you have the execution policy defined via Group Policy, setting a conflicting execution policy in the Process scope whenever you're running a PowerShell script via its context menu causes the error you observed.

Change the commandline in the registry to something like this:

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -File "%L"

and the error will disappear.

Ansgar Wiechers
  • 193,178
  • 25
  • 254
  • 328