Set-ExecutionPolicy using batch file + powershell script

I'm working on my dotfiles and I'm wanting to create a batch script that will do some initial setup for me when switching to a new computer, like using psget to install modules, etc... I'd also like it to go ahead and change my ExecutionPolicy to something usable.

I created a batch file that simply fires off a powershell script under the Bypass ExecutionPolicy:

powershell -ExecutionPolicy ByPass -NoLogo -NoProfile -NoExit -File .\set-policy.ps1

set-policy.ps1 attempts to run powershell as administrator to change the ExecutionPolicy:

Start-Process powershell -verb runas -ArgumentList "-No Exit -Command { Set-ExecutionPolicy Restricted }"

Unfortunately, that doesn't seem to do the trick (output below). Not sure what the problem is.

Set-ExecutionPolicy Restricted
PS C:\windows\system32> Get-ExecutionPolicy
RemoteSigned

Any tips on how to use a batch file + powershell script to change execution policy?


Solution 1:

The problem is how you are invoking the new PowerShell process; it seems to be executing commands before the PowerShell prompt is ready for it, so they just get printed to the console; I'm not sure why though. Anyways, here is the fix.

This is how your set-policy.ps1 file should look:

Start-Process PowerShell -ArgumentList "Set-ExecutionPolicy Restricted -Force" -Verb RunAs

Or you can do the entire thing from the batch file in one line like so:

PowerShell -NoProfile -ExecutionPolicy Bypass -Command "& {Start-Process PowerShell -ArgumentList 'Set-ExecutionPolicy Restricted -Force' -Verb RunAs}"

I provide a little more information around calling PowerShell scripts from batch files and why you would want to do it on my blog post here.

Solution 2:

The easiest way for me to do this was to edit the registry. So now my batch file simply contains:

regedit.exe /S EnableScripts.reg

Running that will automatically prompt the user for permission/credentials as necessary. My EnableScripts.reg file just contains the following:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell]
"Path"="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
"ExecutionPolicy"="RemoteSigned"

The registry setting above was sufficient except for when running the x86 PowerShell (on my 64-bit machine). That required additionally setting the registry keys below:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell]
"Path"="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe"
"ExecutionPolicy"="RemoteSigned"