Product, version and build:
Operating system: Windows 10 1909
PowerShell version(s): 5.0
Powershell studio 5.8.187
Currently our IT group was flagging our install that was wrapped with powershell studio packager that generates an EXE, and noticed that wrapper sets the powershell script executionpolicy as bypass. Our powershell scripts are signed before we package it and also the EXE is signed. So the question is why is the EXE by default setting the executionpolicy as bypass instead of "allsigned" or "remotesigned". If there is a way to change this behavior that would be great.
Also below is the settings I used for the EXE packager:
How to change the powershell executionpolicy when executing from EXE packager
Forum rules
DO NOT POST LICENSE NUMBERS, ACTIVATION KEYS OR ANY OTHER LICENSING INFORMATION IN THIS FORUM.
Only the original author and our tech personnel can reply to a topic that is created in this forum. If you find a topic that relates to an issue you are having, please create a new topic and reference the other in your post.
Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
DO NOT POST LICENSE NUMBERS, ACTIVATION KEYS OR ANY OTHER LICENSING INFORMATION IN THIS FORUM.
Only the original author and our tech personnel can reply to a topic that is created in this forum. If you find a topic that relates to an issue you are having, please create a new topic and reference the other in your post.
Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
- Alexander Riedel
- Posts: 8479
- Last visit: Thu Mar 28, 2024 9:29 am
- Been upvoted: 37 times
Re: How to change the powershell executionpolicy when executing from EXE packager
It doesn't change the execution policy of your machine or network. It only launches an instance of PowerShell.exe with the -bypass parameter in order to execute the script you want to execute.
Since certain values and macros are expanded in your script at the time of packaging and execution, your signature on the original script file would be invalid at the time of execution.
Generally, you should only pick the "Microsoft Windows PowerShell" packaging option if you absolutely positively have to. It uses temporary files and it is subject to a lot of restrictions that may exist on your machine / network for good reason.
Using a SAPIEN PowerShell host will execute your code in memory, without any temporary file, and will therefore not be subject to any script execution policy.
You should of course always sign the resulting executable.
Since certain values and macros are expanded in your script at the time of packaging and execution, your signature on the original script file would be invalid at the time of execution.
Generally, you should only pick the "Microsoft Windows PowerShell" packaging option if you absolutely positively have to. It uses temporary files and it is subject to a lot of restrictions that may exist on your machine / network for good reason.
Using a SAPIEN PowerShell host will execute your code in memory, without any temporary file, and will therefore not be subject to any script execution policy.
You should of course always sign the resulting executable.
Alexander Riedel
SAPIEN Technologies, Inc.
SAPIEN Technologies, Inc.
Re: How to change the powershell executionpolicy when executing from EXE packager
good information there, so I guess the answer at the end of the day, there is no particular way to change the behavior at all, and make sure to use the SAPIEN powershell host mode instead correct?
- Alexander Riedel
- Posts: 8479
- Last visit: Thu Mar 28, 2024 9:29 am
- Been upvoted: 37 times
Re: How to change the powershell executionpolicy when executing from EXE packager
Yes. For that particular packager engine it will always use 'bypass'. There is no way to bypass that. Pun intended.
Alexander Riedel
SAPIEN Technologies, Inc.
SAPIEN Technologies, Inc.