8,330 questions
PowerShell blocking scripts with AppLocker, not running in ConstrainedLanguage mode
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 94%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENK%3C/text%3E%3C/svg%3E)
Nicholas King
0
Reputation points
Hi,
We have recently deployed an AppLocker policy to a number of users to limit execution of scripts by non-Admin users, which should result in scripts running in ConstrainedLanguage mode except for approved locations. All users are on Windows 11, with Entra-joined devices. They are using AppLocker script enforcement and the script rules do work fine. All users can run scripts in approved locations with FullLanguage mode.
For one user, they are unable to run any scripts from any non-approved location. AppLocker event log states the script was blocked and PowerShell does not open for them. Even a simple script like Read Host "test..." will still fail to open. They previously had a profile that was being blocked, but have removed the profile and this error still occurs.
If they try to open it via a command (i.e powershell.exe -file <file> or .\<file> in powershell) they get:
<file> cannot be loaded because its operation is blocked by software restriction policies, such as those created by using Group Policy.
If they right click and run with powershell, nothing happens.
All other users are able to run this file from any location, as it has nothing that would be blocked in ConstrainedLanguage mode.
Windows for business Windows Server User experience PowerShell
Sign in to answer