Delen via


PowerShell Execution Policy Granularity

Imagine the scenario where you want to to set an execution policy for a specific user on a machine. The per-user setting is nothing more than a key in the registry, something like:

[HKEY_USERS\S-1-5-21-REST-OF-SID\Software\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell]

"ExecutionPolicy"="RemoteSigned"

So all you have to do is grab your users’ SIDs (easy enough with AD cmdlets or ADSI I suppose) and modify the registry directly (as long as you have admin rights).

The proper way of doing this, of course, would be using Group Policy, see Set-ExecutionPolicy for details on that.

You can alter who is affected by the statement by using the –scope option.  The setting will be persistent though. You shouldn’t need to run it each time PS is started up.