2,094 questions
Have you tried packaging it using the Intune win32 app method, and then having the install command like powershell.exe -ExecutionPolicy Bypass -File .\Script.ps1 ?
Set-ExecutionPolicy Unrestricted in Intune Powershell
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(307.2, 87%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
stavros mitchell
56
Reputation points
Hello we are setting up a script in the Intune Script Tab. The script needs to be run with Set-ExecutionPolicy Unrestricted before executing
Is there a way to do this from intune?
thanks for the help
Microsoft Security | Intune | Configuration
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(60.8, 33%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERH%3C/text%3E%3C/svg%3E)
Ryan Hogan 0 Reputation points2023-05-09T16:27:18.68+00:00 You can use a .bat file (UGH) to set the execution policy and then run the script. Package the .bat and Powershell file up in the .intunewin file and set this as your install: cmd.exe c/ "Batchfilename.bat"
In the .bat, might be something like this:
@echo off powershell -command "& {Set-ExecutionPolicy -ExecutionPolicy bypass -Force}" powershell.exe -file "POWERSHELLFILE.ps1" -executionpolicy bypass
Sign in to comment
5 answers
Sort by: Most helpful
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(86.4, 66%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENH%3C/text%3E%3C/svg%3E)
Nick Hogarth 3,521 Reputation points Volunteer Moderator2020-08-25T22:41:08.803+00:00 -
Jason Sandys 31,406 Reputation points Microsoft Employee Moderator2020-08-25T23:27:36.933+00:00 Buy a signing certificate. Sign your scripts. Anything is like leaving your front door wide open.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(73.60000000000001, 1%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EIV%3C/text%3E%3C/svg%3E)
Ian V 21 Reputation points2021-06-22T01:11:30.247+00:00 I am in the same situation.
Windows 10 20H2 machine, joined to Azure AD, and managed via MEM (Intune).
Current PowerShell Execution Policy is Undefined, which means None.
If I run a signed script, it still produces an error "cannot be loaded because running scripts is disabled on this system".
I need a way to set the LocalMachine policy to AllSigned via policy or script from Intune, thus applying to a group of machines.
-
Jason Sandys 31,406 Reputation points Microsoft Employee Moderator
2021-06-22T13:34:23.593+00:00 There's no direct way to do this today to my knowledge although you could create a Win32 app that runs powershell.exe with the -command option and calls the Set-ExecutionPolicy cmdlet. This isn't subject to the execution policy as far as I know.
In the near future, all built-in ADMXs will be unblocked though, and you'll thus be able to use the PowerShell ADMX.
-
Ian V 21 Reputation points
2021-06-22T22:50:07.707+00:00 Thank you for your response.
So is that why my PowerShell ADMX wasn't working either? Cause there's a block somewhere? I wonder if that's documented.
I've currently tried running an Intune Script (signed as well) that runs "Set-ExecutionPolicy -ExecutionPolicy AllSigned -Scope MachinePolicy -Force" but haven't had success.
I may try the Win32 approach.
Sign in to comment -
-
Jason Sandys 31,406 Reputation points Microsoft Employee Moderator
2021-06-23T13:28:53.447+00:00 Cause there's a block somewhere?
Correct. Windows has always blocked registry values corresponding to many/most standard group policies from being set by an MDM. This is documented in the ADMX ingestion docs; however, this is set to change soon. See https://techcommunity.microsoft.com/t5/intune-customer-success/the-latest-in-group-policy-settings-parity-in-mobile-device/ba-p/2269167.
I've currently tried running an Intune Script
You can't use something that is blocked to unblock itself. Chicken meet egg.