We have System Center Configuration Manager version 1902 managing our devices.

I would like to use the nice feature "Run Script", which runs PowerShell scripts on an entire collection of devices, but all our devices have the ExecutionPolicy set to AllSigned (it's a company policy).

It is not working: the script that runs locally on each device (created by SCCM) isn't digitally signed, so it won't run and returns a blank or a weird "8" value output to SCCM.

On devices with RemoteSigned or Unrestricted ExecutionPolicy (for testing), it works fine; the output returned is correct.

Is there a solution to that? Without changing the PowerShell Execution Policy?

esserafael

1 Answer

ExecutionPolicy isn't really a security setting. It's designed to prevent regular users from inadvertently running an untrusted script. So you may want to run from a cmd script:

powershell.exe -ExecutionPolicy Bypass -File <path to script.ps1>

I believe you can also specify -Command "& C:\Path\To\Script.ps1"

Greg Askew
  • Sorry, I know how the ExecutionPolicy works, the problem is that it's the SCCM client agent that runs the script on the hundreds of clients, and as far as I know I can't really change the parameters it uses to invoke the script. It executes like this: "Executing command line: "C:\WINDOWS\system32\WindowsPowerShell\v1.0\PowerShell.exe" -NonInteractive -NoProfile -ExecutionPolicy RemoteSigned -Command "& { . 'C:\WINDOWS\CCM\ScriptStore\1E593ECC-42F2-495E-A453-14A6DF93D186_F871C20FBF3EE8130FA52FE3DA983773678B7E04617EAF26EBBCBB3E74AA4622.ps1' | ConvertTo-Json -Compress } " with options (32, 4)" – esserafael Aug 28 '19 at 14:16
  • @esserafael: Is the script you are importing signed? – Greg Askew Aug 28 '19 at 15:56
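
Added example, not part of the original question, answer or comments: a read-only check to run on an affected client, showing which execution-policy scope actually decides the outcome and whether the scripts in the client's ScriptStore carry a signature from a trusted publisher. It assumes the AllSigned setting is delivered by Group Policy (the question only says "company policy") and takes the ScriptStore path from the command line quoted in the comment above.

```powershell
# Added example: read-only diagnostic; paste into an elevated PowerShell prompt.
# Assumption: ScriptStore path as quoted in the comment above.
$scriptStore = 'C:\WINDOWS\CCM\ScriptStore'

# Get-ExecutionPolicy -List returns scopes in precedence order:
# MachinePolicy, UserPolicy, Process, CurrentUser, LocalMachine.
# -ExecutionPolicy on a command line only sets the Process scope,
# so a Group Policy scope above it still decides the outcome.
$scopes = Get-ExecutionPolicy -List
$winner = $scopes | Where-Object { $_.ExecutionPolicy -ne 'Undefined' } |
    Select-Object -First 1
$scopes | Format-Table Scope, ExecutionPolicy -AutoSize
if ($winner) {
    "Deciding scope: $($winner.Scope) = $($winner.ExecutionPolicy)"
} else {
    "No scope is defined; effective policy: $(Get-ExecutionPolicy)"
}

# Thumbprints this machine trusts as script publishers.
# Assumption: the client agent runs scripts as SYSTEM, so the
# LocalMachine store is the relevant one.
$trusted = @(Get-ChildItem Cert:\LocalMachine\TrustedPublisher |
    Select-Object -ExpandProperty Thumbprint)

# Signature state of every script the client agent has written locally.
$report = Get-ChildItem -Path $scriptStore -Filter *.ps1 -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
        $cert = $sig.SignerCertificate   # $null when Status is NotSigned
        [pscustomobject]@{
            Script           = $_.Name
            Status           = $sig.Status
            Signer           = $cert.Subject
            TrustedPublisher = [bool]($cert -and ($trusted -contains $cert.Thumbprint))
        }
    }

if ($report) {
    $report | Format-List
} else {
    "No .ps1 files found in $scriptStore"
}
```

If the deciding scope is MachinePolicy or UserPolicy, the `-ExecutionPolicy RemoteSigned` argument in the client's command line has no effect on that device.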