1
00:00:00,140 --> 00:00:07,620
Now we also need to understand how and the order that the policies are executed.

2
00:00:07,620 --> 00:00:08,540
So, for example,

3
00:00:08,540 --> 00:00:11,620
what happens if we have a Windows machine where we're pushing out a

4
00:00:11,620 --> 00:00:15,790
policy using Group Policy to the machine itself,

5
00:00:15,790 --> 00:00:18,480
but then we happen to have a user policy,

6
00:00:18,480 --> 00:00:20,260
and we have a process policy?

7
00:00:20,260 --> 00:00:23,540
What's the order that they would be executed?

8
00:00:23,540 --> 00:00:25,840
Well, it's really easy.

9
00:00:25,840 --> 00:00:29,640
So to begin with, it always looks at the current process,

10
00:00:29,640 --> 00:00:31,030
so it'll start at the process.

11
00:00:31,030 --> 00:00:35,640
So if we launch PowerShell, the actual PowerShell console,

12
00:00:35,640 --> 00:00:40,320
tagging in a specific execution policy, that's what it will look for first.

13
00:00:40,320 --> 00:00:44,300
If we just launch the PowerShell window without that,

14
00:00:44,300 --> 00:00:47,440
then it will look at the current user.

15
00:00:47,440 --> 00:00:51,140
So if there's a policy assigned, then that's what it will execute.

16
00:00:51,140 --> 00:00:54,940
If we have no execution policy for the current user,

17
00:00:54,940 --> 00:00:57,890
then it will go ahead and look at the local machine

18
00:00:57,890 --> 00:01:00,240
policy that would be assigned.

19
00:01:00,240 --> 00:01:04,810
If all of those fail and it can't identify a process policy,

20
00:01:04,810 --> 00:01:09,910
a user or a machine policy, then it will default to restricted,

21
00:01:09,910 --> 00:01:12,150
which is the standard block.

22
00:01:12,150 --> 00:01:16,510
So what you'll find on a fresh, let's say, Windows 10 machine, you'll open up

23
00:01:16,510 --> 00:01:21,170
the PowerShell window and try to execute a PowerShell script,

24
00:01:21,170 --> 00:01:25,170
and it'll come back and say it's restricted because at that moment in time,

25
00:01:25,170 --> 00:01:31,340
you have no process policy, no user policy, or no local machine policy.

26
00:01:31,340 --> 00:01:35,220
So how do we actually retrieve the current execution policy precedence

27
00:01:35,220 --> 00:01:39,250
order? Well, this is done in a single PowerShell command. We can use

28
00:01:39,250 --> 00:01:49,000
Get‑ExecutionPolicy and then use the parameter of ‑List. This will then output what's available to us and what's been defined.