Bypass the PowerShell Execution Policy

The PowerShell execution policy is a good feature from a security perspective, but in most cases it is just plain annoying, especially when running scripts from Group Policy, Task Scheduler, or some other sort of remote mechanism. This article shows you how to bypass the PowerShell execution policy on a machine so that you can run your script on a system irrespective of what execution policy is set.

What is the PowerShell Execution Policy

Without going into too much detail and as a super quick intro, the PowerShell execution policy allows you to specify in what scenario you are willing to allow PowerShell scripts to execute on your machine. Generally there are four options available:

  1. Restricted
  2. AllSigned
  3. RemoteSigned
  4. Unrestricted

Restricted is the default policy in Windows 8, 8.1 and Server 2012. It allows you to run individual PowerShell commands but you are not able to execute scripts (.ps1 files).

RemoteSigned is the default policy in Windows Server 2012 R2. It allows you to run scripts that are developed locally, but remotely developed scripts cannot be executed unless they are digitally signed from a trusted publisher.

For more information see the about_Execution_Policies topic on TechNet.

How To – Bypass the PowerShell Execution Policy

The easiest way to bypass the PowerShell execution policy configuration on a machine is to do so when calling the script. You can do this in the following ways:

Without Script Parameters

The following example calls a PowerShell script from Task Scheduler, another script or from command line. In this example we are calling a script that has no script parameter requirements and therefore none are passed:


powershell.exe -ExecutionPolicy Bypass -Command "& c:\scripts\my-script.ps1"
With Script Parameters

In the following example we are doing the exact same call of a PowerShell script as above, but this time not only are we bypassing the execution policy, but we are also passing some values to one of the script parameters. In this case, the MyParam parameter.


powershell.exe -ExecutionPolicy Bypass -Command "& c:\scripts\my-script.ps1 -MyParam MyValue"

When to use it

This solution is really great when calling scripts from Task Scheduler, command line, another script, or from something like VMware View User Environment Manager (UEM).

If you are wanting to use this solution for Group Policy, then you can wrap the calling and execution of the PowerShell script in another script and then add that as a start-up or logon script in the Group Policy Object.

Hope that helps!

Comments

  1. POWERSHELL -Command "$enccmd=[Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes((Get-Content -Path 'command.ps1')));POWERSHELL -EncodedCommand $enccmd"
    if your group policy blocks scripts.

Leave a Comment