Set-ExecutionPolicy Unrestricted in Intune Powershell

stavros mitchell 56 Reputation points
2020-08-25T20:36:10.107+00:00

Hello, we are setting up a script in the Intune Script tab. The script needs to be run with Set-ExecutionPolicy Unrestricted before executing.
Is there a way to do this from Intune?

Thanks for the help.

Microsoft Security Intune Configuration

5 answers

  1. Nick Hogarth 3,521 Reputation points Volunteer Moderator
    2020-08-25T22:41:08.803+00:00

    Have you tried packaging it using the Intune Win32 app method, and then having the install command like powershell.exe -ExecutionPolicy Bypass -File .\Script.ps1?

    1 person found this answer helpful.

  2. Jason Sandys 31,406 Reputation points Microsoft Employee Moderator
    2020-08-25T23:27:36.933+00:00

    Buy a signing certificate. Sign your scripts. Anything is like leaving your front door wide open.


  3. Ian V 21 Reputation points
    2021-06-22T01:11:30.247+00:00

    I am in the same situation.

    Windows 10 20H2 machine, joined to Azure AD, and managed via MEM (Intune).

    Current PowerShell Execution Policy is Undefined, which means None.

    If I run a signed script, it still produces an error "cannot be loaded because running scripts is disabled on this system".

    I need a way to set the LocalMachine policy to AllSigned via policy or script from Intune, thus applying to a group of machines.


  4. Jason Sandys 31,406 Reputation points Microsoft Employee Moderator
    2021-06-22T13:34:23.593+00:00

    There's no direct way to do this today to my knowledge although you could create a Win32 app that runs powershell.exe with the -command option and calls the Set-ExecutionPolicy cmdlet. This isn't subject to the execution policy as far as I know.

    In the near future, all built-in ADMXs will be unblocked though, and you'll thus be able to use the PowerShell ADMX.


  5. Jason Sandys 31,406 Reputation points Microsoft Employee Moderator
    2021-06-23T13:28:53.447+00:00

    Cause there's a block somewhere?

    Correct. Windows has always blocked registry values corresponding to many/most standard group policies from being set by an MDM. This is documented in the ADMX ingestion docs; however, this is set to change soon. See https://techcommunity.microsoft.com/t5/intune-customer-success/the-latest-in-group-policy-settings-parity-in-mobile-device/ba-p/2269167.

    I've currently tried running an Intune Script

    You can't use something that is blocked to unblock itself. Chicken meet egg.

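Added example, not code posted by anyone in this thread: one way to apply the Win32 app approach from answers 1 and 4 to reach the AllSigned machine policy asked for in answer 3, and to verify which scope actually wins afterwards. The file name `Set-AllSigned.ps1`, the install command in the comments and the exit codes are assumptions made for illustration.

```powershell
# Set-AllSigned.ps1 (hypothetical name; added example, not code from the thread).
# Assumed Win32 app install command (answer 1's invocation, answer 4's cmdlet):
#   powershell.exe -NoProfile -ExecutionPolicy Bypass -File .\Set-AllSigned.ps1
# Bypass covers only that one process; the stored machine setting becomes AllSigned.
$ErrorActionPreference = 'Stop'
$desired = 'AllSigned'

# 32-bit and 64-bit Windows PowerShell store LocalMachine separately.
# Assumption: the launcher may be a 32-bit process, so re-run in the 64-bit engine.
if ([Environment]::Is64BitOperatingSystem -and -not [Environment]::Is64BitProcess) {
    $ps64 = Join-Path $env:SystemRoot 'Sysnative\WindowsPowerShell\v1.0\powershell.exe'
    & $ps64 -NoProfile -ExecutionPolicy Bypass -File $PSCommandPath
    exit $LASTEXITCODE
}

try {
    Set-ExecutionPolicy -ExecutionPolicy $desired -Scope LocalMachine -Force
}
catch {
    # Expected here: the Process scope (Bypass) outranks LocalMachine, so the
    # cmdlet stores the value and then reports that it is overridden.
    if ($_.FullyQualifiedErrorId -notlike 'ExecutionPolicyOverride*') { throw }
}

# Log every scope, then judge what a new session (no Process override) will get.
$scopes = Get-ExecutionPolicy -List
$scopes | Format-Table -AutoSize | Out-String | Write-Output

$stored = ($scopes | Where-Object { "$($_.Scope)" -eq 'LocalMachine' }).ExecutionPolicy
$higher = $scopes | Where-Object {
    "$($_.Scope)" -in 'MachinePolicy', 'UserPolicy', 'CurrentUser' -and
    "$($_.ExecutionPolicy)" -ne 'Undefined'
}

if ("$stored" -ne $desired) {
    Write-Output "LocalMachine is '$stored', expected '$desired'."
    exit 1
}
if ($higher) {
    # A Group Policy or per-user value wins over LocalMachine; report it.
    Write-Output "Overridden by: $(($higher | ForEach-Object { "$($_.Scope)=$($_.ExecutionPolicy)" }) -join ', ')"
    exit 2
}
Write-Output "LocalMachine execution policy is $desired."
exit 0
```

The CurrentUser value reported is that of the account the script runs under, so a per-user override for the signed-in user has to be checked in that user's context.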
