Execution Policy problem

I have a client who is getting the following message even though their Execution Policy is Unrestricted when they try to run a script!

Execution Policy Change
The execution policy helps protect you from scripts that you do not trust. Changing the execution policy might expose
you to the security risks described in the about_Execution_Policies help topic at
http://go.microsoft.com/fwlink/?LinkID=135170. Do you want to change the execution policy?
[Y] Yes  [N] No  [S] Suspend  [?] Help (default is "Y"):

Hi Steven,

Run PowerShell both in 64 bit admin mode (via SYSTEM32) and 32 bit admin mode (via SYSWOW64), and set the policy as you want it there. See if that corrects the problem.

Does the script contain a call to Set-ExecutionPolicy? That particular message should only come up when someone runs that cmdlet, just just as a result of running the script.

It did contain a set-executiopolicy with a force parameter, however when I removed that line of code, it still showed up…

That is very strange. Try this before running the script:

Set-PSBreakpoint -Command Set-ExecutionPolicy

Then run it again and see if the breakpoint triggers. If it does, you be able to find exactly where it’s coming from.

I tried setting both execution policies to unrestricted - no luck.

I added the breakpoint, it never hits it - the Execution Policy change thing pops up. I’m guessing it never hits the script code, rather the Execution Policy change is coming up BECAUSE you’re running a script.

Any ideas guys? Thanks for your help on this!

It may be worth mentioning, I am using “Run with PowerShell”.

When I run the script from an existing PS window, I don’t have the same issue!

There’s your problem. Here’s what the “Run with PowerShell” command is set to do, in the registry:

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "-Command" "if((Get-ExecutionPolicy ) -ne 'AllSigned') { Set-ExecutionPolicy -Scope Process Bypass }; & '%1'"

I suppose I can sort of see the thought process that went into this. They could have just done “powershell.exe -ExecutionPolicy Bypass -File ‘%1’”, but then, if you happened to have set the policy to AllSigned, you’d be ignoring the signature. So instead, they try to only bypass if you’re not set to AllSigned. (Bit odd that this still skips RemoteSigned, though).

They didn’t use -Force on the call to Set-ExecutionPolicy, presumably because they don’t want people running arbitrary scripts by mistake. Remember, ExecutionPolicy is set to ‘Restricted’ by default.

Anyhow, this only affects scripts launched with that particular explorer shortcut. Shouldn’t be a problem in any other circumstance.