Dear forum readers,
Recently, I decided to set up a software restriction policy on my system. More precisely, everything in standard programs places, such as Program Files or $env:windir is permitted to run, and everything outside requires being authenticode-signed by a specific key.
Then I launched a Powershell window and tried to Add-Type a signed assembly I use often. That assembly is signed with the good key, and regular executables signed with the key start as expected, but Add-Type of that assembly is rejected. It says definition of new types is not allowed in this language mode. I checked my session’s language mode and it’s set to “ConstrainedLanguage”.
I’m surprised of this, since “man about_Language_Modes” says the following about constrained language mode : “The Add-Type cmdlet can load signed assemblies, but it cannot load arbitrary C# code or Win32 APIs.”. The Assembly is signed with the correct signature, so it should work, shouldn’t it ?
In case Add-Type is effectively disabled, contrary to what’s mentioned, what should I do to either 1) load my assembly or 2) have my Powershell start in FullLanguage mode ? I never asked for this constrained language mode, after all.
Thanks for your insights…