0

In my app installer (InnoSetup), I need to run some powershell scripts.

Here is the code in Pascal:

Exec('cmd', '/C powershell -F .\MyScript.ps1 -ExecutionPolicy Unrestricted', '', SW_HIDE, ewWaitUntilTerminated, ResultCode);

Basically, it runs in a command prompt the following command:

powershell -F .\MyScript.ps1 -ExecutionPolicy Unrestricted

The problem is that I get the following error:

MyScript.ps1 cannot be loaded because the execution of scripts is disabled on this system.

I know I can fix it by manually setting the ExecutionPolicy before running my script but my understanding of the -ExecutionPolicy argument is that it "overrides" the execution policy during the execution of the script. My goal when positioning this argument is to handle all cases, since I cannot predict the execution policy of the computer that will install my app.

Some additional information:

  • the installer is run as administrator
  • it looks like inno setup run in x86 mode
  • the execution policy of the computer I test the installer on is set to Restricted (in both x86 and x64)
fharreau
  • 2,105
  • 1
  • 23
  • 46
  • 2
    How is the policy set? If via GPO, then [you can't over-ride it](https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_execution_policies?view=powershell-7.1#set-a-different-policy-for-one-session): _"During the session, the execution policy that is set for the session takes precedence over an execution policy that is set in the registry for the local computer or current user. **However, it doesn't take precedence over the execution policy set by using a Group Policy**"_ – boxdog May 04 '21 at 09:03
  • Oh ... I missed that last line in the doc ... Yeah, it is set by GPO. So bad :'( – fharreau May 04 '21 at 09:06
  • You need to explain to whoever manages the GPOs that [PowerShell's execution policy is not a security boundary](https://stackoverflow.com/questions/49772982/). – Bill_Stewart May 04 '21 at 21:46

0 Answers0