Failure to load built-in modules due to software restrictions

I’m going bonkers!

Cross-post from here: windows - Powershell - Failure to load built-in modules due to software restrictions - Server Fault


Yesterday, I was working with PowerShellEditorServices to develop a tool. Internally, it uses named pipes to communicate between the client and server. They are both running locally.

At some point, the server named pipe stopped responding. Then I started to notice a bunch of issues with my system.

First, the PowerShell VS Code extension will also not connect. It hangs just like my test app. It also uses Named Pipes by default along with PowerShellEditorServices. Running as administrator does not fix the issue with VS Code.

Second, running Get-ExecutionPolicy in PowerShell 7.3.8, returns the following.

get-executionPolicy: The 'get-executionPolicy' command was found in the module 'Microsoft.PowerShell.Security', but the module could not be loaded due to the following error: [The following error occurred while loading the extended type data file:
, C:\program files\powershell\7\Modules\Microsoft.PowerShell.Security\Security.types.ps1xml: The file was skipped because of the following validation exception: File C:\program files\powershell\7\Modules\Microsoft.PowerShell.Security\Security.types.ps1xml cannot be loaded because its operation is blocked by software restriction policies, such as those created by using Group Policy..
]
For more information, run 'Import-Module Microsoft.PowerShell.Security'.

If I start PowerShell as administrator, I can run this command successfully. Additionally, Windows PowerShell does not suffer from these issues.

Finally, I’ve noticed that the Visual Studio shortcut on my taskbar does not work. It is set to run as administrator and when clicked, it says the application was blocked by my administrator (I’m a local administrator).

This seems like an App Locker, Defender or GP issue but I am running outside of a domain and have not configured any of this. It almost seems like Windows thought I was doing something suspicious and has now locked down my machine in some way.

I can’t find anything in Event Logs to indicate why this is happening.

Windows 11
Version 22H2 (OS Build 22621.2428)
PowerShell 7.3.8

I read your update on on StackExchange but I’m not registered there, so I’m replying here.

My pwsh 7.3.8 executable is signed by the same certificate. However, the certificate does not appear to have been revoked by the issuing CA so I’m not sure why your machine thinks it has. Manual check:

Get-AuthenticodeSignature 'C:\Program Files\PowerShell\7\pwsh.exe' | 
    Select-Object -ExpandProperty SignerCertificate | 
        Export-Certificate -Type CERT -FilePath E:\temp\ms.cer
certutil -f -urlfetch -verify ms.cer