Set-ExecutionPolicy using batch file + powershell script
I'm working on my dotfiles and I'm wanting to create a batch script that will do some initial setup for me when switching to a new computer, like using psget to install modules, etc... I'd also like it to go ahead and change my ExecutionPolicy to something usable.
I created a batch file that simply fires off a powershell script under the Bypass ExecutionPolicy:
powershell -ExecutionPolicy ByPass -NoLogo -NoProfile -NoExit -File .\set-policy.ps1
set-policy.ps1 attempts to run powershell as administrator to change the ExecutionPolicy:
Start-Process powershell -verb runas -ArgumentList "-No Exit -Command { Set-ExecutionPolicy Restricted }"
Unfortunately, that doesn't seem to do the trick (output below). Not sure what the problem is.
Set-ExecutionPolicy Restricted
PS C:\windows\system32> Get-ExecutionPolicy
RemoteSigned
Any tips on how to use a batch file + powershell script to change execution policy?
Solution 1:
The problem is how you are invoking the new PowerShell process; it seems to be executing commands before the PowerShell prompt is ready for it, so they just get printed to the console; I'm not sure why though. Anyways, here is the fix.
This is how your set-policy.ps1 file should look:
Start-Process PowerShell -ArgumentList "Set-ExecutionPolicy Restricted -Force" -Verb RunAs
Or you can do the entire thing from the batch file in one line like so:
PowerShell -NoProfile -ExecutionPolicy Bypass -Command "& {Start-Process PowerShell -ArgumentList 'Set-ExecutionPolicy Restricted -Force' -Verb RunAs}"
I provide a little more information around calling PowerShell scripts from batch files and why you would want to do it on my blog post here.
Solution 2:
The easiest way for me to do this was to edit the registry. So now my batch file simply contains:
regedit.exe /S EnableScripts.reg
Running that will automatically prompt the user for permission/credentials as necessary. My EnableScripts.reg file just contains the following:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell]
"Path"="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
"ExecutionPolicy"="RemoteSigned"
The registry setting above was sufficient except for when running the x86 PowerShell (on my 64 bit machine). That required additionally setting the registry keys below:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell]
"Path"="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe"
"ExecutionPolicy"="RemoteSigned"
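The same machine-wide change made with Set-ExecutionPolicy in both the 64-bit and the 32-bit Windows PowerShell hosts, then read back from each, as an added example that is not part of either answer. It assumes an elevated 64-bit session, the default host paths shown in the .reg files above, and RemoteSigned as the target policy; the variable names are illustrative.

```powershell
# Added example: set and verify the LocalMachine execution policy for both
# the x64 and x86 Windows PowerShell hosts. Run from an elevated 64-bit session.
$Policy = 'RemoteSigned'   # assumption: same value as the .reg files above

# Each host reads its own registry view (SOFTWARE vs SOFTWARE\Wow6432Node).
$shells = [ordered]@{
    'x64' = "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell.exe"
    'x86' = "$env:SystemRoot\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"
}

# LocalMachine scope writes under HKLM, so stop early if not elevated.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated session.'
}

foreach ($arch in $shells.Keys) {
    $exe = $shells[$arch]
    if (-not (Test-Path $exe)) { continue }   # 32-bit Windows has no SysWOW64 host

    # Set the policy from inside that host so it lands in the matching registry view.
    & $exe -NoProfile -Command "Set-ExecutionPolicy $Policy -Scope LocalMachine -Force"

    # Read back the effective policy and the per-scope list from the same host.
    $effective = & $exe -NoProfile -Command 'Get-ExecutionPolicy'
    Write-Output "[$arch] effective policy: $effective"
    & $exe -NoProfile -Command 'Get-ExecutionPolicy -List | Format-Table -AutoSize | Out-String'
}
```

If the effective policy differs from the LocalMachine value, the per-scope list shows which higher-precedence scope (MachinePolicy, UserPolicy, Process or CurrentUser) is overriding it.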