Self-Elevate and ExecutionPolicy

Hi everyone , i need some help with a project of mine. I’m trying to run a self-elevate scripts and i’m hitting a issue. Not all computer at my work can run a powershell scripts (Execution policy at restricted) . It’s there a way to change the execution policy automatically ? I’m ready to use powershell or the cmd . For now , my script is working if the execution policy is undefined. So can i do that or we have to do it manually?

Thank you for all your response.

You’re actually not providing enough information. Have you reviewed the help for the Powershell executable?

Powershell.exe /?

If the policy is set to restricted, then by design it’s blocked. Translation, your enterprise has decided it does not allow PS scripts to run on these systems and your security team should be able to tell you why this setting / policy is in place.

What you are asking, is to provide you a way to skirt this enterprise policy, which sounds rather, well, sketchy.

It would be more prudent for you to ask that this policy be changed to allow you to do what you are after ranter than working to skirt the policy.

All that being said. There are several ways to have PS scripts execute by setting the execution policy per session (meaning the policy is only active when you run the script and not affecting the host default policy). This is called ExecutionPolicy Scope and those are all fully documented in PS help files.

Get-Help -Name about_Execution_Policies

You have to user the scope when you ask PS to run your script. Again, I say, it is still prudent for you to ask about this before accountabilities are called into play.

Microsoft decided that the default execution policy would be set to “Restricted”. It’s doubtful, but possible, that the OP’s company made that decision, especially since it appears it’s not being enforced on all systems.

You can specify the execution policy on the command line when you execute the script. This is what our company does.

powershell.exe -ExecutionPolicy Bypass -File script.ps1

Other options would be to edit the registry value for this policy and set it to what you want or use Group Policy to set it.