Execution Policy and Group Policy
Welcome to 2015!
Every new PowerShell user negotiates the infamous 'Execution Policy' when trying to run a script for the first time... Why can't I just run a script? What do I need to do to run a script? Ah, happy memories...
An 'Execution Policy' defines rules for script or configuration file execution: for example, we can stipulate that only digitally-signed scripts are allowed to be called. The default execution policy setting is 'Restricted' which means that scripts or configuration files are not allowed to run - this provides a level of protection against unauthorised or accidental script execution.
We can use Get-ExecutionPolicy and Set-ExecutionPolicy cmdlets to check and define execution policy settings on a computer. If an 'Execution Policy' is set at user or local computer level the setting is stored in the registry.
And, so... I quite often get asked how to configure the PowerShell execution policy on a wide scale, i.e. for a large number of clients or servers. The answer, of course, is Group Policy and details are found in the about_Execution_Policies help file...
The PowerShellExecutionPolicy.admx file adds the "Turn on Script Execution" policy to the Computer Configuration and User Configuration nodes in Group Policy Editor in the following path:
For Windows Vista and later versions of Windows:
Administrative Templates\Windows Components\Windows PowerShell
Policies set in the Computer Configuration node take precedence over policies set in the User Configuration node.
Comments
- Anonymous
February 23, 2017
it seems that User gpo setting isn't working on windows 10 1607.???