PowerShell scripts are slowly creeping in as the new standard to replace older batch and VB scripts. PowerShell is extremely powerful and is therefore advantageous in both SCCM applications and packages that I am required to create.
Using PowerShell scripts does present a slight problem: Windows computers are, by default, not set to allow PowerShell scripts to run. There is an execution policy that exists on each machine which may be set to any one of the following:
- Restricted (default) – No scripts can be run. Windows PowerShell can be used only in interactive mode.
- AllSigned – Only scripts signed by a trusted publisher can be run.
- RemoteSigned – Downloaded scripts must be signed by a trusted publisher before they can be run.
- Unrestricted – No restrictions; all Windows PowerShell scripts can be run.
A computer’s current policy can be viewed by running the Get-ExecutionPolicy command in PowerShell:
Many guides will say to force the policy to unrestricted (Set-ExecutionPolicy Unrestricted -force), execute the necessary PS scripts, and then change the policy back to restricted (Set-ExecutionPolicy Restricted -force). This method is sufficient, but there is a more streamlined approach.
The following CMD can be used from a command prompt to call a PowerShell script and bypass the client’s execution policy:
PowerShell.exe -ExecutionPolicy Bypass -File <PSScriptName>.ps1
This simple trick has saved me a lot of headaches while trying to transition my techniques from batch and VB scripts into PowerShell.