How to change the powershell executionpolicy when executing from EXE packager

This forum can be browsed by the general public. Posting is limited to current SAPIEN license holders with active maintenance and does not offer a response time guarantee.
Forum rules
DO NOT POST LICENSE NUMBERS, ACTIVATION KEYS OR ANY OTHER LICENSING INFORMATION IN THIS FORUM.
Only the original author and our tech personnel can reply to a topic that is created in this forum. If you find a topic that relates to an issue you are having, please create a new topic and reference the other in your post.

Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
This topic is 2 years and 10 months old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.
kintaroju
Posts: 2
Last visit: Wed Oct 12, 2022 1:02 pm

How to change the powershell executionpolicy when executing from EXE packager

Post by kintaroju »

Product, version and build:
Operating system: Windows 10 1909
PowerShell version(s): 5.0
Powershell studio 5.8.187


Currently our IT group was flagging our install that was wrapped with powershell studio packager that generates an EXE, and noticed that wrapper sets the powershell script executionpolicy as bypass. Our powershell scripts are signed before we package it and also the EXE is signed. So the question is why is the EXE by default setting the executionpolicy as bypass instead of "allsigned" or "remotesigned". If there is a way to change this behavior that would be great.

Also below is the settings I used for the EXE packager:
Screenshot 2021-05-26 090351.jpg
Screenshot 2021-05-26 090351.jpg (67.62 KiB) Viewed 7521 times
Screenshot 2021-05-26 090442.jpg
Screenshot 2021-05-26 090442.jpg (51.6 KiB) Viewed 7521 times
User avatar
Alexander Riedel
Posts: 8479
Last visit: Thu Mar 28, 2024 9:29 am
Answers: 19
Been upvoted: 37 times

Re: How to change the powershell executionpolicy when executing from EXE packager

Post by Alexander Riedel »

It doesn't change the execution policy of your machine or network. It only launches an instance of PowerShell.exe with the -bypass parameter in order to execute the script you want to execute.
Since certain values and macros are expanded in your script at the time of packaging and execution, your signature on the original script file would be invalid at the time of execution.

Generally, you should only pick the "Microsoft Windows PowerShell" packaging option if you absolutely positively have to. It uses temporary files and it is subject to a lot of restrictions that may exist on your machine / network for good reason.
Using a SAPIEN PowerShell host will execute your code in memory, without any temporary file, and will therefore not be subject to any script execution policy.
You should of course always sign the resulting executable.
Alexander Riedel
SAPIEN Technologies, Inc.
kintaroju
Posts: 2
Last visit: Wed Oct 12, 2022 1:02 pm

Re: How to change the powershell executionpolicy when executing from EXE packager

Post by kintaroju »

good information there, so I guess the answer at the end of the day, there is no particular way to change the behavior at all, and make sure to use the SAPIEN powershell host mode instead correct?
User avatar
Alexander Riedel
Posts: 8479
Last visit: Thu Mar 28, 2024 9:29 am
Answers: 19
Been upvoted: 37 times

Re: How to change the powershell executionpolicy when executing from EXE packager

Post by Alexander Riedel »

Yes. For that particular packager engine it will always use 'bypass'. There is no way to bypass that. Pun intended.
Alexander Riedel
SAPIEN Technologies, Inc.
This topic is 2 years and 10 months old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.