Change the PowerShell MachinePolicy Execution Policy in Windows Server 2012R2

Background

Last week I wanted to try the new SharePoint 2013 SP1 and, as I never install SharePoint without using PowerShell scripts, I tried using the awesome AutoSPInstaller to install my SharePoint. When Windows Server 2012 R2 came out, the Twittersphere said that nothing changed except the Execution Policy was “RemoteSigned”. AutoSPInstaller has a Launch.bat file that makes sure the Main.ps1 launches in “ByPass” mode.

However, the way AutoSPInstaller works is that it includes two other PowerShell files where the functions are stored. When those get included, the ByPass mode is not in effect anymore, and PowerShell goes back to the Machine Policy, which by default is RemoteSigned. It’s a good security measure, but we need to get this fixed!

Also for the sake of Google indexing the error for other people, here is the error text:

File cannot be loaded. The file is not digitally signed. You cannot run this script on the current system.

So, I tried to change the execution policy from PowerShell with the following command:

 Set-ExecutionPolicy -Scope MachinePolicy -ExecutionPolicy Bypass     

However I got the following error:

Set-ExecutionPolicy : Cannot set execution policy. Execution policies at the MachinePolicy or UserPolicy scopes must
be set through Group Policy.

The Fix

You can actually change the MachinePolicy Execution Policy without going through GPO! You need to go into the registry, open the key HKLM:\Software\Policies\Microsoft\Windows\PowerShell, and change the ExecutionPolicy value to ByPass.

Or you can simply run this PowerShell command:

 Set-ItemProperty -Path HKLM:\Software\Policies\Microsoft\Windows\PowerShell -Name ExecutionPolicy -Value ByPass 

However… the PowerShell command might give you an error that will look something like this:

Cannot find path ‘HKLM:\Software\Policies\Microsoft\Windows\PowerShell’ because it does not exist.

This is because your local group policy to allow scripts to run on the system is probably “not configured”. To configure it, run “gpedit.msc” in the metro start bar.

Then navigate to: Computer Configuration > Administrative Templates > Windows Components > Windows PowerShell. Change the “Turn on Script Execution” to look something like this:

Afterwards, the PowerShell command should work and you should be able to change your Execution Policy without any problems!
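
The steps above as one script, as an added example that is not from the original post: it checks that the policy key exists, saves the current value, sets the new one, verifies it with Get-ExecutionPolicy, and restores the original once the install is done. The function name Set-MachinePolicyValue and the variable names are assumptions made for illustration.

```powershell
# Added example: function and variable names are illustrative, not from the post.
$PolicyKey = 'HKLM:\Software\Policies\Microsoft\Windows\PowerShell'

function Set-MachinePolicyValue {
    param([Parameter(Mandatory = $true)][string]$Value)

    # The key only exists once "Turn on Script Execution" has been configured.
    if (-not (Test-Path -Path $PolicyKey)) {
        throw "$PolicyKey not found. Configure 'Turn on Script Execution' in gpedit.msc first."
    }

    # Remember the current value so it can be put back later ($null if unset).
    $previous = (Get-ItemProperty -Path $PolicyKey -Name ExecutionPolicy `
                 -ErrorAction SilentlyContinue).ExecutionPolicy

    Set-ItemProperty -Path $PolicyKey -Name ExecutionPolicy -Value $Value

    # Confirm that PowerShell reports the change at the MachinePolicy scope.
    $effective = Get-ExecutionPolicy -Scope MachinePolicy
    if ("$effective" -ne $Value) {
        Write-Warning "MachinePolicy reports '$effective', expected '$Value'."
    }
    return $previous
}

# Run from an elevated PowerShell prompt.
$before = Set-MachinePolicyValue -Value 'Bypass'
Get-ExecutionPolicy -List    # every scope; MachinePolicy takes precedence over the rest

try {
    Write-Output 'Run the installer here (for example AutoSPInstaller Launch.bat).'
}
finally {
    # Put the original policy back so Bypass does not stay in place machine-wide.
    if ($before) {
        Set-ItemProperty -Path $PolicyKey -Name ExecutionPolicy -Value $before
    }
    else {
        Remove-ItemProperty -Path $PolicyKey -Name ExecutionPolicy -ErrorAction SilentlyContinue
    }
    Get-ExecutionPolicy -List
}
```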

Hope this helps!

Comments

Yes it helped. Thanks.

Thank you for your help! Now I got RDS BPA working with that registry tweak.

Thanks – can now run my script in PowerShell 5!

Hi,
The same issue will be in my application also and I have checked the above steps to turn on script. But the Windows PowerShell option was not there. Please help me to solve the issue.

Did you do the gpedit part of the article?

Or… you could right-click and just launch PowerShell with administrative privileges, make your changes to execution policy which are then saved permanently. We do this all the time and it works great. As mentioned above you could also use Group Policy, which to me seems less risky than running regedit or running a PowerShell to edit the registry, which really just runs regedit.

https://technet.microsoft.com/en-us/library/hh849812.aspx

Quoted from above URL:

NOTE: To change the execution policy for the default (LocalMachine) scope, start Windows PowerShell with the “Run as administrator” option.

Of course I tried that before going the long way, but it didn’t work for me 🙁

After gpupdate the registry key returns to unrestricted!

Updating manually by using regedit and to ExecutionPolicy worked. Thanks

I was getting the same error while trying to use NUGET in Visual Studio 2013. This fixed my issue as well!!!! Thanks!

it worked! thanks heaps!

Thanks… worked for me

Worked perfectly – Thank you so much Vlad!

Thanks. This helped. Finally!

Perfect, solved the problem I was having getting NuGet to run.

Great! worked for me

I Enabled the “Turn on Script Execution” policy as instructed, but it did not create any registry keys. There is still no …\Windows\PowerShell entry on my system.
