ControlUp Community

Connect, Learn, and Grow

Bypassing Group Policy for PowerShell Scripts

Posted on

A user was trying to run a PowerShell script in a script action, but was having issues due to an execution policy blocking the script. The user wanted to know if it was possible to bypass the group policy, to which it was suggested this would be seen as a security vulnerability by Microsoft. A workaround of setting the execution policy on the current user was suggested and seemed to work.

Read the entire ‘Bypassing Group Policy for PowerShell Scripts’ thread below:

I’m trying to run a powershell script in a script action but getting:

C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\ControlUp\Scripts\fe6d0b24-8218-4f11-8c58-5008c438ce36.ps1

cannot be loaded because running scripts is disabled on this system.

any suggestions on how to add this to an argument: Set-ExecutionPolicy bypass

In script actions I know there is an arguments section. I hope that helps.

i saw it but couldn’t figure it out

#REMOVES File Introspection

Set-ExecutionPolicy bypass

$msiUrl2= "https://***/VMware-tools-12.2.0-21223074-x86_64.exe"

$msiPath2 = "C:\Temp\VMware-tools-12.2.0-21223074-x86_64.exe"

Write-Host "Downloading VMware Tools exe file from $msiUrl2…"

Invoke-WebRequest -Uri $msiUrl2 -OutFile $msiPath2

#Remove Vmware Tools File Introspection

Write-Host "Removing Vmware Tools File Introspection…"

start-Process -FilePath $msiPath2 -ArgumentList "/S /v /qn REMOVE=FileIntrospection"

#Clean up the downloaded MSI file

Write-Host "Cleaning up…"

Remove-Item $msiPath2

Write-Host "VMware Tools File Introspection removal completed."

it all work running manually on teh endpoitn

you can’t use set-executionpolicy bypass in a script if execution policy is blocking you from running the script.

Because the script won’t run

ya, that’s what i figured. now hwo do i get around that?

you don’t 🙂

I’m pretty sure Microsoft would consider that a security vulnerability

is there a way to call it like this?

Already happens. But you can’t bypass group policy with that.

ok, most of our clients have powershell disabled anyway. i’ll find a different way to get this done. thx

trying this as the 1st command of the script:

Set-ExecutionPolicy -Scope CurrentUser bypass

Seems to work.

Continue reading and comment on the thread ‘Bypassing Group Policy for PowerShell Scripts’.  Not a member? Join Here!

Categories: All Archives, ControlUp Scripts & Triggers
Topics: , , , , ,

Ask Us Anything, Connect, Learn, and Grow with the ControlUp Community!

Login to the ControlUp Community to ask us anything, stay up-to-date on what’s new and coming soon and meet other like-minded techies like you.

Not already a member? Join Today!