
I have been creating a PowerShell script to help me automate tasks across various users' PCs. I've encountered an issue where I have to manually allow scripts to run on each PC before I can execute it.

I have attempted to use various solutions that I have found but so far none seem to work.

Solutions I have tried as a batch file (Ideally I would like to have the batch file download the script (sorted this already) then open the powershell script and successfully bypass this):

    powershell.exe -executionpolicy bypass -windowstyle hidden -noninteractive -nologo -file "multitool.ps1"

    powershell -command "& {Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Force}"

    @echo off
    reg add HKLM\system32\windows\microsoft\powershell\1\shellids\microsoft.powershell /v "Path" /d "c:\windows\system32\windowspowershell\v1.0\powershell.exe"
    reg add HKLM\system32\windows\microsoft\powershell\1\shellids\microsoft.powershell /v "ExecutionPolicy" /d "unrestricted"

    @echo off
    regedit /s file.reg

Where file.reg contains the following:

    [hkey_local_machine\system32\windows\microsoft\powershell\1\shellids\microsoft.powershell]
    "Path"="c:\windows\system32\windowspowershell\v1.0\powershell.exe"
    "ExecutionPolicy"="unrestricted"

All of these result in the following when running the powershell script: screen shot

All help is greatly appreciated

mklement0
KR4STL
  • In order to permanently change the execution policy, you need to run your PowerShell or registry change elevated, i.e. Run as administrator. Additionally, you may have to modify your Windows setting which is likely to have marked your downloaded file as unsafe, this is a common marker attributed to executable downloaded files. – Compo Apr 26 '21 at 16:31

3 Answers


`powershell.exe -executionpolicy bypass ...` is the right approach in principle for an ad-hoc policy override, but as the conceptual help topic that the error message points to, about_Execution_Policies, states, if execution policies are set via Group Policy (rather than via `Set-ExecutionPolicy`), they cannot be overridden through other means, including on the command line:

From the Use Group Policy to Manage Execution Policy section (emphasis added):

> You can use the Turn on Script Execution Group Policy setting to manage the execution policy of computers in your enterprise. The Group Policy setting overrides the execution policies set in PowerShell in all scopes.

See also: About Group Policy Settings (Windows PowerShell) and About Group Policy Settings (PowerShell (Core) 7+), which discusses the relevant Group Policy settings in detail.

mklement0
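A diagnostic for the situation this answer describes, as an added example that is not part of the original answer: it reports which scope decides the effective execution policy, whether that scope comes from Group Policy (in which case `-ExecutionPolicy Bypass` on the command line has no effect), and whether the script file is marked as downloaded. The function name and its `-ScriptPath` parameter are hypothetical; `C:\multitool.ps1` is the path used elsewhere on this page.

```powershell
# Added example, not from the original posts. Windows only: execution policies
# and the -Stream parameter of Get-Item are not available on other platforms.
function Get-ExecutionPolicyDiagnosis {
    param(
        # Hypothetical parameter: the script you intend to run.
        [Parameter(Mandatory)] [string] $ScriptPath
    )

    # Get-ExecutionPolicy -List returns every scope in precedence order:
    # MachinePolicy, UserPolicy, Process, CurrentUser, LocalMachine.
    $scopes = Get-ExecutionPolicy -List

    # The first scope that is not Undefined decides the effective policy.
    $deciding = $scopes |
        Where-Object { $_.ExecutionPolicy -ne 'Undefined' } |
        Select-Object -First 1

    # MachinePolicy and UserPolicy are the two scopes populated by Group Policy.
    # They outrank the Process scope, which is where -ExecutionPolicy on the
    # powershell.exe command line is applied.
    $gpoScopes = @($scopes | Where-Object {
        $_.Scope -in 'MachinePolicy', 'UserPolicy' -and
        $_.ExecutionPolicy -ne 'Undefined'
    })

    # Downloaded files carry a Zone.Identifier alternate data stream on NTFS.
    # Its presence is what makes Unrestricted prompt before running the script.
    $zone = Get-Item -LiteralPath $ScriptPath -Stream Zone.Identifier `
        -ErrorAction SilentlyContinue

    [pscustomobject]@{
        EffectivePolicy        = Get-ExecutionPolicy
        DecidingScope          = if ($deciding) { $deciding.Scope } else { 'None (default applies)' }
        SetByGroupPolicy       = $gpoScopes.Count -gt 0
        CommandLineCanOverride = $gpoScopes.Count -eq 0
        MarkedAsDownloaded     = [bool] $zone
    }
}

# Usage: paste the function into an interactive session, then call it.
Get-ExecutionPolicyDiagnosis -ScriptPath 'C:\multitool.ps1'
```

Commands typed or pasted into an interactive session are not subject to the execution policy, so the function can be used on a machine where script files are still blocked.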

Closest solution I've found for this is running the following line in PowerShell as admin which will execute the script and bypass the restrictions:

    powershell.exe -executionpolicy unrestricted C:\multitool.ps1

If anyone has a cleaner solution that can run the script from the bat file I would greatly appreciate it.

KR4STL
  • In essence, this is no different from the first command in your question, so if this command works, so does the one in the question. As explained, only GPO-based execution policies could thwart this approach. (The only difference is that `Bypass` _never_ restricts script execution, whereas `Unrestricted`, despite its name, will prompt you to confirm the intent to execute scripts downloaded from the internet.) – mklement0 Jun 03 '21 at 20:37

Try running this code; it helped me with the same problem:

    Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted

JonDane