4

Since the 20H2 build of Windows 10 came out, if I want to run a script without copying and pasting it into a PowerShell window, I have to write the following command:

`Set-ExecutionPolicy -ExecutionPolicy ByPass -Scope Process -Force`

I don't want to turn off the default behavior, since it prevents scripts from being run by accident or maliciously.

But I'd also like to be able to just open a PowerShell window as my administrator account, and execute `.\somescript.ps1` so that it runs.

Is it secure to place the line above in my PowerShell profile so I don't have to manually run it every time I open PowerShell as my Admin account, provided I still have UAC turned on (a.k.a. still have to type my password when opening a PowerShell as Admin)?

schroeder
leeand00
  • That does not answer your question, but Microsoft recommends the following command instead: `Set-ExecutionPolicy RemoteSigned` – A. Hersean Jun 17 '21 at 16:19

1 Answer

2

With `Set-ExecutionPolicy -ExecutionPolicy ByPass -Scope Process` you simply temporarily bypass the default setting in the scope of the current process. You can see the default policies from about_Execution_Policies: `Restricted` prevents execution of all scripts, whereas `AllSigned` and `RemoteSigned` require the scripts to be signed by a trusted publisher, respectively.

To avoid running this command every time, while still preventing all scripts from running freely, you could change your global policy to allow running signed scripts.

`Set-ExecutionPolicy -ExecutionPolicy AllSigned -Scope LocalMachine`

After that you could create a code signing certificate and sign your trusted PowerShell scripts with it.

Esa Jokinen
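The last step of the answer above (create a code signing certificate and sign trusted scripts), worked through as an added example that is not part of the original answer. The certificate subject and temporary file names are constructed placeholders, `.\somescript.ps1` is the script name from the question, and the commands are assumed to run in the account that will execute the scripts.

```powershell
# Added example: subject and temp file names are constructed placeholders.
$subject    = 'CN=Local Script Signing (example)'
$scriptPath = '.\somescript.ps1'   # script name taken from the question
$cerPath    = Join-Path $env:TEMP 'script-signing-example.cer'

# 1. Create a self-signed code-signing certificate in the current user's
#    personal store. The private key stays in this store.
$cert = New-SelfSignedCertificate -Type CodeSigningCert -Subject $subject `
    -CertStoreLocation Cert:\CurrentUser\My -NotAfter (Get-Date).AddYears(1)

# 2. Export only the public certificate and trust it: Root so the chain
#    validates, TrustedPublisher so AllSigned accepts the signer without a
#    per-script prompt. Windows shows a confirmation dialog for the Root import.
Export-Certificate -Cert $cert -FilePath $cerPath | Out-Null
Import-Certificate -FilePath $cerPath -CertStoreLocation Cert:\CurrentUser\Root | Out-Null
Import-Certificate -FilePath $cerPath -CertStoreLocation Cert:\CurrentUser\TrustedPublisher | Out-Null
Remove-Item $cerPath

# 3. Sign the script; this appends a signature block to the file.
$sig = Set-AuthenticodeSignature -FilePath $scriptPath -Certificate $cert
if ($sig.Status -ne 'Valid') {
    throw "Signing failed: $($sig.StatusMessage)"
}

# 4. Verify what AllSigned will evaluate before relying on it.
Get-AuthenticodeSignature -FilePath $scriptPath |
    Format-List Status, StatusMessage,
        @{ Name = 'Signer'; Expression = { $_.SignerCertificate.Subject } }

# 5. Any edit after signing invalidates the signature, so the file must be
#    re-signed after every change. Check this on a throwaway copy.
$tampered = Join-Path $env:TEMP 'tampered-example.ps1'
Copy-Item $scriptPath $tampered
Add-Content -Path $tampered -Value '# edited after signing'
Get-AuthenticodeSignature -FilePath $tampered | Format-List Status, StatusMessage
Remove-Item $tampered

# 6. Show the policy at every scope; a Process-scope Bypass overrides the
#    LocalMachine AllSigned setting for that session.
Get-ExecutionPolicy -List
```

Anyone who can use the private key in `Cert:\CurrentUser\My` can sign scripts that the machine will then trust, so the key deserves the same protection as the admin account itself.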