Whats does this Windows Powershell ExecutionPolicy error message mean? - powershell

I am attempting to run a PowerShell script and I get this error. It does not seem to affect my script, but just wanted to know what this is.
Windows PowerShell Set-ExecutionPolicy Error:

Google is your friend, sir...
https://blogs.msdn.microsoft.com/pasen/2011/12/07/set-executionpolicy-windows-powershell-updated-your-execution-policy-successfully-but-the-setting-is-overridden-by-a-policy-defined-at-a-more-specific-scope/
Run powershell as Admin
However, if the issue persists and "Get-ExecutionPolicy -List" command shows something similar as shown below:
MachinePolicy = RemoteSigned
UserPolicy = Undefined
CurrentUser = Unrestricted
LocalMachine = RemoteSigned
Execute the below commands in powershell commandline as an administrator:
Set-ExecutionPolicy "RemoteSigned" -Scope Process -Confirm:$false
Set-ExecutionPolicy "RemoteSigned" -Scope CurrentUser -Confirm:$false
This will set the execution policy for the given scope.
On executing "Get-ExecutionPolicy -List", we should now see the below:
MachinePolicy = RemoteSigned
UserPolicy = Undefined
Process = RemoteSigned
CurrentUser = RemoteSigned
LocalMachine = RemoteSigned

Related

PowerShell, cannot set execution policy to Unrestricted in Windows Sandbox

I have a startup script that runs during Window Sandbox startup that sets the execution policy while I am in that session.
$E = $ErrorActionPreference
$ErrorActionPreference = 'SilentlyContinue'
if ((Get-ExecutionPolicy -Scope LocalMachine) -ne "Unrestricted") {
Set-ExecutionPolicy Unrestricted -Scope LocalMachine -Force # Will always error if CurrentUser scope is set already
}
$ErrorActionPreference = $E
However, everytime tht script rung inside the Windows Sandbox, I get the following error:
Set-ExecutionPolicy : Windows PowerShell updated your execution policy
successfully, but the setting is overridden by a policy defined at a more
specific scope. Due to the override, your shell will retain its current
effective execution policy of Bypass. Type "Get-ExecutionPolicy -List" to view
your execution policy settings. For more information please see "Get-Help
Set-ExecutionPolicy".
At C:\Users\WDAGUtilityAccount\Desktop\MySandbox\MySandbox.ps1:1198
char:3
+ Set-ExecutionPolicy Unrestricted -Scope LocalMachine -Force # W ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (:) [Set-ExecutionPolicy], Sec
urityException
+ FullyQualifiedErrorId : ExecutionPolicyOverride,Microsoft.PowerShell.Com
mands.SetExecutionPolicyCommand
When I list the policy inside the Sandbox session, I get:
PS C:\> Get-ExecutionPolicy -List
Scope ExecutionPolicy
----- ---------------
MachinePolicy Undefined
UserPolicy Undefined
Process Undefined
CurrentUser Undefined
LocalMachine RemoteSigned
Why is the policy that I am trying to set, not being set (apparently)? Maybe the LocalMachine policy is being picked up from the Host system, but if so, how can I override that (this script the startup script that always runs with elevated privileges after all!)?

PowerShell, only run Set-Execution if it is not already set?

I have a script that tries to run these...
Set-ExecutionPolicy -scope CurrentUser RemoteSigned -Force -ea silent
Set-ExecutionPolicy RemoteSigned -Force -ea silent
But I get this error:
Set-ExecutionPolicy : Windows PowerShell updated your execution policy successfully, but the setting is overridden by a policy defined at a
more specific scope. Due to the override, your shell will retain its current effective execution policy of Bypass. Type "Get-ExecutionPolicy
-List" to view your execution policy settings.
So I tried this:
if ($(Get-ExecutionPolicy) -ne "RemoteSigned") {
Set-ExecutionPolicy -scope CurrentUser RemoteSigned -Force -ea silent
Set-ExecutionPolicy RemoteSigned -Force -ea silent
}
But I get the same error (I thought this might skip the if body if I tried this.
I then tried
Set-ExecutionPolicy -Scope MachinePolicy Unrestricted
but I get this error:
Cannot set execution policy. Execution policies at the MachinePolicy or UserPolicy scopes must be set through Group
Policy.
But I don't use policies or anything AD related on my home system.
Get-ExecutionPolicy -list
Scope ExecutionPolicy
----- ---------------
MachinePolicy Undefined
UserPolicy Undefined
Process Undefined
CurrentUser RemoteSigned
LocalMachine RemoteSigned
How can I run the Set-Execution if the policy is not set, and skip that if it is not set?
The default scope is LocalMachine if you don't specify one. The message appears because CurrentUser takes priority over LocalMachine. One way to check is:
# [optional] temporarily suppress execution policy warnings
$E = $ErrorActionPreference
$ErrorActionPreference = 'SilentlyContinue'
if ((Get-ExecutionPolicy -Scope LocalMachine) -ne "RemoteSigned") {
# will always error if CurrentUser scope is set already
Set-ExecutionPolicy RemoteSigned -Scope LocalMachine -Force
}
if ((Get-ExecutionPolicy -Scope CurrentUser) -ne "RemoteSigned") {
Set-ExecutionPolicy RemoteSigned -Scope CurrentUser -Force
}
$ErrorActionPreference = $E
The warning can't be suppressed normally since it's written directly to the console for some reason.
Alternatively, you can set only the CurrentUser scope. If you're not using group policy, then there are only three scopes to worry about. The highest one takes priority (setting lower ones will show the warning):
Process: Set for only the current process Set-ExecutionPolicy RemoteSigned -Scope Process
CurrentUser: Set for only the current user: Set-ExecutionPolicy RemoteSigned -Scope CurrentUser
LocalMachine: Set for all users: Set-ExecutionPolicy RemoteSigned
For more information, check out about_Execution_Policies

ExecutionPolicy resets back to Undefined after closing window

I'm trying to solve a problem where I can't run local .ps1 scripts from the right-click menu without the Execution Policy Change warning appearing after every reboot.
Steps to reproduce:
Open elevated Powershell and run:
Set-Executionpolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser
Set-Executionpolicy -ExecutionPolicy RemoteSigned -Scope Process
Running ExecutionPolicy -List then returns:
Scope ExecutionPolicy
----- ---------------
MachinePolicy Undefined
UserPolicy Undefined
Process RemoteSigned
CurrentUser RemoteSigned
LocalMachine RemoteSigned
But upon closing and reopening the Powershell window and running ExecutionPolicy -List again, only the LocalMachine setting sticks:
Scope ExecutionPolicy
----- ---------------
MachinePolicy Undefined
UserPolicy Undefined
Process Undefined
CurrentUser Undefined
LocalMachine RemoteSigned
Why don't the other ones stick? I've run DISM restorehealth and sfc /scannow and didn't get any errors.

PowerShell bug “execution of scripts is disabled on this system.”

I have a power shell script that runs to stop services, 'stop / terminate process' , delete 2 files and then restart.
I can run this script perfect on my Windows 10 64 Bit Host Machine - with ZERO issues.
I try to run it in my Virtual Machines and I get the error
cannot be loaded because running scripts is disabled on this system. For more information, see about_Execution_Policies at https:/go.microsoft.com/fwlink/?LinkID=135170
SO just for giggles I went to see my group policies and they are not configured on either machine.
Administrative Templates > Windows Components > Windows PowerShell
Not Configured.
So why the issue on the virtual machine and not in my host ?
EDIT
Ran Get-ExecutionPolicy and also Get-ExecutionPolicy-List on VM
Restricted
MachinePolicy Undefined
UserPolicy Undefined
Process Undefined
CurrentUser Undefined
LocalMachine Undefined
Ran it on my Host
Scope ExecutionPolicy
----- ---------------
MachinePolicy Undefined
UserPolicy Undefined
Process Undefined
CurrentUser Undefined
LocalMachine Unrestricted
I do not know how my local machine was changed - software installation ??
The following will allow all local scripts to execute on the VM, irrespective of whether they're signed or not:
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope LocalMachine
I am going to go out on a limb here and just rehash a portion of About Execution Policies.
The default execution policy for Windows client OSes is Restricted. This means that a script will not run automatically. If your VM has a Windows client OS and you have never changed the execution policy, then your issue is expected. If the one Windows 10 machine works without issues, then someone changed the execution policy.
On the problematic VMs, you will need to determine the scope (or account) that is running your script. Then you will need to set the execution policy accordingly.
If you are testing running a script while logged into the server as yourself, then you can just open a PowerShell console and run the following:
Set-ExecutionPolicy RemoteSigned -Scope CurrentUser
Then run the script in that same console.
The following command will list the execution policy for all scopes on that machine:
Get-ExecutionPolicy -List
You should compare the command above on the working system and the non-working system. Your issue likely be the execution policy setting for the particular scope that is running the script. If you read the link in my post, it should help you determine what you need to change specifically.
If you are on Windows here is what you have to follow:
Press the [windows] button and then type PowerShell.
Run as Adiministrator
Copy and Paste the following command and hit [Enter]
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope LocalMachine
Type Y and hit [Enter]
Rerun the command and type A hit [Enter]
Close the powershell and try again
Good luck.
Open your PowerShell and enter the following command
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope LocalMachine
I had the same problem with VS Code then I check the cmd with Administrator run. There is no problem so better to use CMD easy way to pass this problem
Run Powershell as an administrator and run the following command:
set-executionpolicy remotesigned
The least problematic approach is to use the command:
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser
This will get around Admin user authority issues.
After running powershell as administrator, run the following commands:
Get-ExecutionPolicy -List
Set-ExecutionPolicy Unrestricted
Set-ExecutionPolicy Unrestricted -Force
May be you need to restart the machine.
Open your powershell as an administrator and then paste those commands:
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope LocalMachine
Then choose A
I had the same issue in my PC. Open the windows PowerShell ISE in administrator mode and run Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope LocalMachine
This command solved my issue.
I had same issue when trying to create a vue application by running vue create my-project
To fix this I have followed below steps
Open powershell as an administrator on Windows
Run this command - Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope LocalMachine
Now open a new session on your terminal and run your application specific script. It worked.
user powerShell as admin and execute the following commends:
1-Set-ExecutionPolicy RemoteSigned
2-Get-ExecutionPolicy -List
3-Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope LocalMachine*
and rerun the scrips again and it will work
I m just farwarding all the changes that implies with setting the ExcecutionPolicy to RemoteSigned with the command : Set-ExecutionPolicy -ExecutionPolicy RemoteSigned ( I really recommend to first give a look at the other policies offered : Windows Execution Policies )
RemoteSigned :
The default execution policy for Windows server computers.
Scripts can run.
Requires a digital signature from a trusted publisher on scripts and
configuration files that are downloaded from the internet which
includes email and instant messaging programs.
Doesn't require digital signatures on scripts that are written on the
local computer and not downloaded from the internet.
Runs scripts that are downloaded from the internet and not signed.
Risks running unsigned scripts from sources other than the internet
and signed scripts that could be malicious.
Note that on Windows, browsers sign downloaded files and mark them as 'coming from the Internet'. If u want to unblock such a script, u can use the cmd Unblock-File.
user powerShell as admin and execute the following commends:
PS C:\WINDOWS\system32> Get-ExecutionPolicy -List
Scope ExecutionPolicy
----- ---------------
MachinePolicy Undefined
UserPolicy Undefined
Process Unrestricted
CurrentUser Unrestricted
LocalMachine Unrestricted
To unrestrict the execution policy:
Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope Process
Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope CurrentUser
Under your normal user. The following requires to open an administrator instance:
Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope LocalMachine
as an administrator.
You might need to restart the computer afterwards.
You will see peerjs server is working
Use the syntax below
Set-ExecutionPolicy -Scope CurrentUser
Enter the "Unrestricted" as your value in the ExecutionPolicy parameter syntax below:
ExecutionPolicy:Unrestricted
Then run your command; you can check the node version or any version of the software you installed after implementing the commands above
I have tried these two ways that you can tackle this problem succesfully:
By enabling PowerShell execution policies:
PS C:\Users\usr1>Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted
For example, I encountered this problem when i wanted to run yarn command at my project's root folder. Then by running the command above, I was abled to run the comand yarn without a problem.
Use bash terminal instead of powershell terminal
You can use this method when you get error from the powershell terminal by running the Set-ExecutionPolicy command. Like the error below:
In such case, by switching your terminal to bash you can have your scripts run:

Revert Back PowerShell after "Set-ExecutionPolicy Unrestricted -Scope CurrentUser -Force"

Since i need to update npm manually using npm-windows-upgrade,
i put
Set-ExecutionPolicy Unrestricted -Scope CurrentUser -Force
setting into my PowerShell.
Now i already finished updating npm, so i need to return the PowerShell setting to previous state, i.e. rollback the Set-ExecutionPolicy Unrestricted -Scope CurrentUser -Force, how to do that?
You get the current execution policy via get-executionpolicy
So you might save that state in a variable and use it later on to reset the state.
$ep = get-executionpolicy
set-executionpolicy $ep