1
00:00:00,840 --> 00:00:03,480
So now that we understand execution policies,

2
00:00:03,480 --> 00:00:08,440
let's understand how that flows into PowerShell scopes.

3
00:00:08,440 --> 00:00:12,940
Now, firstly, we need to understand what a PowerShell scope actually is.

4
00:00:12,940 --> 00:00:15,960
So execution policies can be set, remember,

5
00:00:15,960 --> 00:00:19,340
at the current user level or the local machine level,

6
00:00:19,340 --> 00:00:23,840
which, then on a Windows machine, will store those values within a registry.

7
00:00:23,840 --> 00:00:29,130
Now we do have another option that's available to us for execution policies,

8
00:00:29,130 --> 00:00:32,950
but in order to understand that, we need to know what those three scopes are.

9
00:00:32,950 --> 00:00:36,460
So our first scope that we haven't talked about yet is the Process.

10
00:00:36,460 --> 00:00:48,040
So we can actually assign an execution policy to a specific process,

11
00:00:48,040 --> 00:00:53,040
such as the PowerShell session that we have launching at the time.

12
00:00:53,040 --> 00:00:58,640
We then also have the CurrentUser one, which will only affect the

13
00:00:58,640 --> 00:01:02,040
specific user who happens to be logged in at that point.

14
00:01:02,040 --> 00:01:03,990
So if I'm logged into the Windows machine,

15
00:01:03,990 --> 00:01:07,440
then it executes, you know, and the policy is assigned to me.

16
00:01:07,440 --> 00:01:09,340
Then there's the LocalMachine scope,

17
00:01:09,340 --> 00:01:11,580
which means that whatever the policy is assigned,

18
00:01:11,580 --> 00:01:17,040
it will affect every single user on that machine.

19
00:01:17,040 --> 00:01:20,790
Now we can utilize Group Policy to kind of associate and

20
00:01:20,790 --> 00:01:23,470
assign these policies. Now, first off,

21
00:01:23,470 --> 00:01:27,720
we have a machine policy, so we can set that by the Group Policy,

22
00:01:27,720 --> 00:01:32,320
and it will affect all of the users on the computer, so

23
00:01:32,320 --> 00:01:34,350
machine policy can be associated.

24
00:01:34,350 --> 00:01:37,290
We can also assign a user policy,

25
00:01:37,290 --> 00:01:42,090
which will be a Group Policy to affect the current user on the computer.

26
00:01:42,090 --> 00:01:47,910
Now notice we're not able to create a process policy because the process

27
00:01:47,910 --> 00:01:51,570
is done at the launching of the specific application.

28
00:01:51,570 --> 00:01:53,640
So in this instance, it'll be PowerShell.

29
00:01:53,640 --> 00:01:57,240
So there's no way for us to define a Group Policy that says every

30
00:01:57,240 --> 00:02:01,890
time you do X, use this session type policy. So it's important to

31
00:02:01,890 --> 00:02:09,000
understand the differences, three types of scopes and then multiple policies that we can associate.