Where does powershell saves the set-executionpolicy setting?

Question:

I’m building some servers and need to run some powershell scripts on them. However, I need to run the command Set-ExecutionPolicy -ExecutionPolicy remotesigned -Force manually on every server. Because I can’t set execution policy in a script. I want to know where PowerShell save the execution policy setting and want to directly change it. Is that possible?

Thanks.

Answer:

ExecutionPolicy is not a single setting stored in a single place. There are multiple scopes of ExecutionPolicy which are each set and stored differently. Run Get-ExecutionPolicy -List to see all the different scopes.

Using ProcMon to monitor what keys are being read/written when getting/setting the different scopes, I came up with this list:

  • MachinePolicy and UserPolicy Can only be set via group policy. I think the keys end up being under HKLM\Software\Policies\Microsoft\Windows\Powershell
  • Process does not seem to be stored in a reg key. That makes sense, as it appies only the current process. Probably just stored in memory.
  • CurrentUser is stored at HKEY_CURRENT_USER\Software\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell [ExecutionPolicy] Note you could set this for a particular user (i.e. besides current user) via HKEY_USERS
  • LocalMachine is stored at HKLM\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell [ExecutionPolicy] This is the default scope when running Set-ExecutionPolicy.

See http://technet.microsoft.com/en-US/library/dd347641.aspx and http://go.microsoft.com/fwlink/?LinkID=113394

Source:

Where does powershell saves the set-executionpolicy setting? by licensed under CC BY-SA | With most appropriate answer!

Leave a Reply