4

Since the 20H2 build of Windows 10 came out, if I want to run a script without copying and pasting it into a PowerShell window, I have to write the following command:

Set-ExecutionPolicy -ExecutionPolicy ByPass -Scope Process -Force

I don't want to turn off the default behavior, since it prevents scripts from being run by accident or maliciously.

But I'd also like to be able to just open a PowerShell window as my administrator account, and execute .\somescript.ps1 so that it runs.

Is it secure to place the line above in my PowerShell profile so I don't have to manually run it every time I open PowerShell as my Admin account, provided I still have UAC turned on (a.k.a. still have to type my password when opening a PowerShell as Admin)?

schroeder
leeand00
  • That does not answer your question, but Microsoft recommends the following command instead: Set-ExecutionPolicy RemoteSigned – A. Hersean Jun 17 '21 at 16:19

1 Answer

2

With Set-ExecutionPolicy -ExecutionPolicy ByPass -Scope Process you simply temporarily bypass the default setting in the scope of the current process. You can see the default policies from about_Execution_Policies: Restricted prevents execution of all scripts, whereas AllSigned and RemoteSigned require the scripts to be signed by a trusted publisher, respectively.

To avoid running this command every time, while still preventing all scripts from running freely, you could change your global policy to allow running signed scripts.

Set-ExecutionPolicy -ExecutionPolicy AllSigned -Scope LocalMachine

After that you could create a code signing certificate and sign your trusted PowerShell scripts with it.

Esa Jokinen
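The signing workflow the answer describes, as an added example that is not part of the original answer: it creates a self-signed code signing certificate, trusts it on the machine, signs a script, and shows that a later modification invalidates the signature. The subject name, the temporary file names and the script path are assumptions; run it in an elevated PowerShell session.

```powershell
# Added example (not from the original answer). Placeholders: $subject, $scriptPath.
$subject    = 'CN=Local Script Signing (example)'
$scriptPath = '.\somescript.ps1'

# 1. Create a self-signed code signing certificate. The private key stays in
#    the personal store of the account running this session.
$cert = New-SelfSignedCertificate -Type CodeSigningCert -Subject $subject `
    -CertStoreLocation Cert:\CurrentUser\My -NotAfter (Get-Date).AddYears(2)

# 2. Export only the public certificate and trust it machine-wide:
#    Root makes the chain valid, TrustedPublisher lets AllSigned run it unprompted.
$cer = Join-Path $env:TEMP 'script-signing-example.cer'
Export-Certificate -Cert $cert -FilePath $cer | Out-Null
Import-Certificate -FilePath $cer -CertStoreLocation Cert:\LocalMachine\Root | Out-Null
Import-Certificate -FilePath $cer -CertStoreLocation Cert:\LocalMachine\TrustedPublisher | Out-Null
Remove-Item $cer

# 3. Sign the script. No timestamp server is used here, so the signature
#    stops validating once the certificate expires.
$sig = Set-AuthenticodeSignature -FilePath $scriptPath -Certificate $cert -HashAlgorithm SHA256
if ($sig.Status -ne 'Valid') { throw "Signing failed: $($sig.StatusMessage)" }

# 4. Verify what the execution policy will see.
Get-AuthenticodeSignature -FilePath $scriptPath |
    Format-List Status, StatusMessage, @{ n = 'Signer'; e = { $_.SignerCertificate.Subject } }

# 5. Tamper check on a copy: any change after signing yields HashMismatch,
#    and AllSigned refuses to run the file.
$copy = Join-Path $env:TEMP 'somescript-tampered-example.ps1'
Copy-Item $scriptPath $copy
Add-Content -Path $copy -Value '# modified after signing'
(Get-AuthenticodeSignature -FilePath $copy).Status
Remove-Item $copy
```

Anyone who obtains the certificate's private key can sign scripts that this machine will then run, so the key needs the same protection as the admin account itself.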