
Hi I wrote a simple powershell script to:

  1. Create an IE shortcut to a site
  2. Disable Mixed Code Security Verification for Java control panel
  3. Add a few sites as trusted sites

The script runs fine when I manually copy and paste it into powershell.
However, when I save it as a .ps1 file and 'Run with Powershell' - it doesn't seemingly execute (changes aren't made).

I tried changing execution policy to Bypass but it still does not execute.


Any thoughts on how I can get the .ps1 script to execute by using 'Run with Powershell'?

This is so my users can simply run this script without having to copy and paste into powershell.

Thank you, Asif

Here is the full script for reference:

& powershell.exe -executionpolicy bypass -file C:\Users\AZahir\Desktop\ps2.ps1

$Shell = New-Object -ComObject ("WScript.Shell")
$ShortCut = $Shell.CreateShortcut($env:USERPROFILE + "\Desktop\Jacada.lnk")
$ShortCut.TargetPath = "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
$ShortCut.Arguments = "http://facebook.com"
$ShortCut.WorkingDirectory = "C:\Program Files (x86)\Internet Explorer";
$ShortCut.WindowStyle = 1;
$ShortCut.IconLocation = "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
$ShortCut.Save()

Add-Content -Path "$env:USERPROFILE\AppData\LocalLow\Sun\Java\Deployment\deployment.properties" -Value ('deployment.security.mixcode=DISABLE')


Set-Location "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
Set-Location ZoneMap\Domains
New-Item bpoazusargdb01d
Set-Location bpoazusargdb01d
New-ItemProperty . -Name http -Value 2 -Type DWORD

Set-Location "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
Set-Location ZoneMap\Domains
New-Item "172.30.1.3"
Set-Location "172.30.1.3"
New-ItemProperty . -Name http -Value 2 -Type DWORD

Set-Location "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
Set-Location ZoneMap\Domains
New-Item "172.30.1.49"
Set-Location "172.30.1.49"
New-ItemProperty . -Name http -Value 2 -Type DWORD

Set-Location "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
Set-Location ZoneMap\Domains
New-Item "172.30.1.89"
Set-Location "172.30.1.89"
New-ItemProperty . -Name http -Value 2 -Type DWORD
  • I didn't realize you could set executionpolicy to bypass... Maybe try using "Unrestricted"? In addition, be sure to use the Unblock-File cmdlet with a path pointing toward your script, and see if that works. – Bryce McDonald Jun 09 '18 at 21:53
  • @BryceMcDonald I set it to Unrestricted and it works! Well it executes but I have errors with the script that's giving me errors. But thanks for the answer! – Asif Bin Zahir Jun 09 '18 at 22:00
  • edit: Had to remove this line now that I set execution policy to 'Unrestricted': & powershell.exe -executionpolicy bypass -file C:\Users\AZahir\Desktop\ps2.ps1 *It gave multiple errors when running the script. – Asif Bin Zahir Jun 09 '18 at 22:12
  • what are those multiple errors ? – Aravinda Jun 10 '18 at 06:18
  • do not include "& powershell.exe -executionpolicy bypass -file C:\Users\AZahir\Desktop\ps2.ps1" in the script itself.. instead you can run the file using that in powershell – Aravinda Jun 10 '18 at 06:23
  • thanks @Aravinda I made the changes and it works! – Asif Bin Zahir Jun 17 '18 at 17:45

2 Answers


This is so my users can simply run this script without having to copy and paste into powershell.

Use a bat file side by.

include

PowerShell.exe -executionpolicy bypass -file "%~dp0ps2.ps1"


Remove the line below from your PowerShell script.

& powershell.exe -executionpolicy bypass -file C:\Users\AZahir\Desktop\ps2.ps1

When a user double clicks the bat file, they will run the ps2.ps1.

I don't see errors when I run it. It creates the shortcut and the reg keys. If you run it a second time, it will generate errors saying the reg keys exist.

Also, it's wise to use """ instead of "; more details: How to pass msi ArgumentList with $ScriptDir with spaces in powershell?

or else your users may find difficulties running your script, if they put this script in a path with space such as c:\new folder\

Aravinda
  • Security wise, this is a bad workaround. Rather than taking a shortcut and showing your users how to completely bypass the security, you better `set-executionpolicy` via a group policy to e.g. Unrestricted which will leave some checks (*"If you run an unsigned script that was downloaded from the Internet, you are prompted for permission before it runs."*) Or even better: sign your PowerShell scripts. From my point of view, it is pointless to use the default PowerShell `restricted` security policy in your company and leaving the door wide open through other scripting languages. – iRon Jun 10 '18 at 09:25
  • @iRon don't forget to post a viable answer with your suggestions. We can learn all together; maybe you can add a bit of code signing as well – Aravinda Jun 11 '18 at 05:32
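
Signing the script, as the comment above suggests, shown as an added example that is not code from any poster on this page. It assumes a code-signing certificate issued by a CA the client machines already trust is in the signer's `Cert:\CurrentUser\My` store; the script path and timestamp URL are placeholders.

```powershell
# Added example. Assumptions: a code-signing certificate from a CA that the
# client machines trust is in Cert:\CurrentUser\My; paths and URL are placeholders.
$ScriptPath   = 'C:\Scripts\ps2.ps1'                  # placeholder path
$TimestampUrl = 'http://timestamp.example.invalid'    # placeholder: use your CA's timestamp service

# --- Signer side: run again after every change to the script ---
$cert = Get-ChildItem -Path Cert:\CurrentUser\My -CodeSigningCert |
    Where-Object { $_.NotAfter -gt (Get-Date) } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) { throw 'No unexpired code-signing certificate found in CurrentUser\My.' }

$signParams = @{
    FilePath        = $ScriptPath
    Certificate     = $cert
    HashAlgorithm   = 'SHA256'
    TimestampServer = $TimestampUrl   # keeps the signature verifiable after the cert expires
}
$result = Set-AuthenticodeSignature @signParams
if ($result.Status -ne 'Valid') { throw "Signing failed: $($result.StatusMessage)" }

# --- Client side: verify before running instead of bypassing the policy ---
function Test-ScriptSignature {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedThumbprint
    )
    $sig = Get-AuthenticodeSignature -FilePath $Path
    # 'Valid' = file hash matches the signature and the chain is trusted here.
    # 'HashMismatch' = edited after signing; 'NotSigned' = no signature block.
    if ($sig.Status -ne 'Valid') {
        Write-Warning "$Path rejected: $($sig.Status) - $($sig.StatusMessage)"
        return $false
    }
    # Pin to the expected signer so another trusted publisher is not enough.
    return ($sig.SignerCertificate.Thumbprint -eq $ExpectedThumbprint)
}

if (Test-ScriptSignature -Path $ScriptPath -ExpectedThumbprint $cert.Thumbprint) {
    & $ScriptPath
}
```

With the execution policy set to AllSigned or RemoteSigned through Group Policy, the launcher can call `powershell.exe -NoProfile -File` on the signed script without `-executionpolicy bypass`.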

Leaving my original answer below but I've since found a more effective way without the file copy:

# 2>NUL & @powershell -nop -ep bypass "(gc '%~f0')-join[Environment]::NewLine|iex" && @EXIT /B 0

This is to be included as your first line of the powershell script, saved as a .cmd file.

Breakdown:

# 2>NUL &

This handles the batch part of our file so we can get that click-execution functionality. Since # isn't a filename or command, it throws an error we ignore with 2>NUL and skip to the next command with &.

@powershell ...

This is our call to powershell, grabbing the contents of the file (gc: Get-Content) and executing them (iex: Invoke-Expression). We use @ so the command isn't echoed to the cli.

&& EXIT /B 0

This will exit the script gracefully if no errors were thrown.


If your only goal is to have a shortcut-clickable link for users to run your powershell script, you can accomplish that with this by pasting your script contents under this header (saved as myscript.cmd or whatever you want to name it):

::<#
@ECHO OFF
REM https://stackoverflow.com/questions/3759456/create-a-executable-exe-file-from-powershell-script#answer-4629494
REM https://blogs.msdn.microsoft.com/zainala/2008/08/05/using-0-inside-the-batch-file-to-get-the-file-info/

SET "pwsh=%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\powershell.exe"
SET "args=-NoProfile -NoLogo -ExecutionPolicy Bypass -Command"
SET "cmd="@(Get-Content -Path '%~f0') -replace '^^::'^|Set-Content -Path '%~dpn0.ps1';. '%~dpn0.ps1' %*""

%pwsh% %args% %cmd%

DEL "%~dpn0.ps1" /Q /F
EXIT
::#>

Simply put, it handles the execution policy and saves itself as a powershell script after replacing the batch-parts as a block comment.

Maximilian Burszley