• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1992
  • Last Modified:

Powershell: set-execution policy override Allsigned

All our computers have a group policy that enables allsigned.

Set-ExecutionPolicy -ExecutionPolicy AllSigned

Open in new window


I want to override this feature for my machine.  Whats the best way to achieve this?

 

Thanks
0
resolver1
Asked:
resolver1
3 Solutions
 
BelushiLomaxCommented:
create a policy to apply only to you that sets:
Set-ExecutionPolicy Unrestricted
It all depends on your AD structure how the cleanest way to do that is, but you will need to undo the policy for yourself using this GPO closer to your Account than the other so it applies later.
0
 
Mike KlineCommented:
Just to add the setting is in different areas depending on the version you are on

http://technet.microsoft.com/en-us/library/dd347641.aspx

The PowerShellExecutionPolicy.adm and PowerShellExecutionPolicy.admx
    files add the "Turn on Script Execution" policy to the Computer
    Configuration and User Configuration nodes in Group Policy Editor in
    the following paths.

        For Windows XP and Windows Server 2003:
        Administrative Templates\Windows Components\Windows PowerShell

        For Windows Vista and later versions of Windows:
        Administrative Templates\Classic Administrative Templates\
        Windows Components\Windows PowerShell

Are you a sys admin in your domain?  Wasn't sure if you have rights to updates GPOs or make new GPOs.  Always test if you can.

Thanks

Mike
0
 
Daryl BamforthTechnical ExpertCommented:
I would suggest not setting it to unrestricted, as a minimum set it to remote-signed, and depending on how often you are modifying scripts set it so you can change your policy on the fly (so you can leave it in allsigned unless you are working on something).

If you have a GPO that sets allsigned you cannot override this on the local system as it will always be overwritten by the domain GPO.  You will need either an alternative GPO that is applied last which sets a different policy, or deny your computer access to the main GPO, replicate it with the changed powershell execution policy, apply this one to your system. (Make sure that everyone but your system has explicit deny on it to prevent mishaps).

You need to be aware of the order that the GPO will be applied in (see http://technet.microsoft.com/en-us/library/cc778890%28WS.10%29.aspx)
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
resolver1Author Commented:
Thanks for your replys.  Its been a long time since i've used Group Policys.  We're pretty flat AD structure.  I created a administrators OU in both computers and users.  Attached a group policy that enables "Unrestricted" powershell scripts (for user and computer config).  Add my computer and user to the new administrators group and it still doesn't allow me to run a script unless its signed.  As you can see below the machine policy is still set to "AllSigned" after gpupdate is run on my machine.  

See below:  


PS C:\> Get-ExecutionPolicy -List

                                                      Scope                                             ExecutionPolicy
                                                      -----                                             ---------------
                                              MachinePolicy                                                   AllSigned
                                                 UserPolicy                                                   Undefined
                                                    Process                                                   Undefined
                                                CurrentUser                                                   Undefined
                                               LocalMachine                                                Unrestricted

PS C:\> gpupdate
Updating Policy...

User Policy update has completed successfully.
Computer Policy update has completed successfully.

PS C:\> Get-ExecutionPolicy -List

                                                      Scope                                             ExecutionPolicy
                                                      -----                                             ---------------
                                              MachinePolicy                                                   AllSigned
                                                 UserPolicy                                                Unrestricted
                                                    Process                                                   Undefined
                                                CurrentUser                                                   Undefined
                                               LocalMachine                                                Unrestricted


group policy inheritance
0
 
Daryl BamforthTechnical ExpertCommented:
What is your exact setting in the 'unrestricted' policy?  If you have already set a policy just disabling it will not change it.  You need to first set a new policy that sets the execution policy to 'allow all scripts'.

Then set a new policy that has this disabled, which should then allow you to manage it locally on the box.

If you prefer to manage it through GPOs I would suggest setting it to 'Allow local scripts and remote signed scripts' and just leave it on that.
0
 
resolver1Author Commented:
Its now working. I ran GPUpdate and I have the desired setting "Unrestricted" (only on my computer) :-)

Maybe it took a while for the settings to receive and update.  I thought GP was instance aslong as you ran gpudpate on the client.???

Any thanks for all your help guys
0
 
resolver1Author Commented:
Thanks again!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now