1
00:00:00,640 --> 00:00:04,350
So let's go on to a Windows 10 machine, which has PowerShell installed,

2
00:00:04,350 --> 00:00:09,420
and we'll review the PowerShell execution policy precedence by executing

3
00:00:09,420 --> 00:00:12,740
the PowerShell and looking at what's available to us.

4
00:00:12,740 --> 00:00:15,060
So here we are on the Windows 10 machine,

5
00:00:15,060 --> 00:00:18,920
and the first thing we want to do is actually launch PowerShell itself.

6
00:00:18,920 --> 00:00:20,840
So there are a few different ways of doing this.

7
00:00:20,840 --> 00:00:23,750
If we just go to the Start menu and type powershell,

8
00:00:23,750 --> 00:00:26,240
you'll see we have Windows PowerShell.

9
00:00:26,240 --> 00:00:27,760
I have PowerShell 7.

10
00:00:27,760 --> 00:00:29,900
I have the PowerShell ISE.

11
00:00:29,900 --> 00:00:33,080
And then, of course, I can also type terminal,

12
00:00:33,080 --> 00:00:34,850
and I actually have Windows Terminal.

13
00:00:34,850 --> 00:00:37,010
Now I like to use the Windows Terminal,

14
00:00:37,010 --> 00:00:38,930
so I'm going to right‑click here and choose Run as

15
00:00:38,930 --> 00:00:41,670
administrator and just click Yes.

16
00:00:41,670 --> 00:00:47,800
The reason I use Windows Terminal is because it's the newest version.

17
00:00:47,800 --> 00:00:51,490
It also lets me kind of set some specifics around the

18
00:00:51,490 --> 00:00:53,470
types of PowerShell that are being used.

19
00:00:53,470 --> 00:00:58,450
So you'll notice this was the first bit of PowerShell, and it says pscore6.

20
00:00:58,450 --> 00:01:01,620
If I choose the drop‑down here, I've got the Command Prompt,

21
00:01:01,620 --> 00:01:03,740
Azure Shell, and PowerShell 7.

22
00:01:03,740 --> 00:01:05,750
So I'm going to choose PowerShell 7 here.

23
00:01:05,750 --> 00:01:08,040
And you can see there's a new update.

24
00:01:08,040 --> 00:01:10,940
I'm just going to ignore that for now and just click clear.

25
00:01:10,940 --> 00:01:15,340
Okay, so now we're sitting at our PowerShell prompt.

26
00:01:15,340 --> 00:01:18,620
So what we want to do here is actually look at the execution

27
00:01:18,620 --> 00:01:21,350
policies and the scopes that kind of tie altogether.

28
00:01:21,350 --> 00:01:24,890
So to do this, we're just going to say Get‑ExecutionPolicy.

29
00:01:24,890 --> 00:01:28,240
And then we'll use the parameter of List.

30
00:01:28,240 --> 00:01:32,440
Now what you can see here is it gives us the scope.

31
00:01:32,440 --> 00:01:36,310
So notice we have Process, CurrentUser, and LocalMachine.

32
00:01:36,310 --> 00:01:39,830
And then, of course, we have two more, which are the group policy ones,

33
00:01:39,830 --> 00:01:42,640
which are MachinePolicy and UserPolicy.

34
00:01:42,640 --> 00:01:47,640
Now, as you can see, the LocalMachine one has been set to RemoteSigned.

35
00:01:47,640 --> 00:01:49,870
That's because I kind of set that before.

36
00:01:49,870 --> 00:01:53,040
But the others are set to Undefined,

37
00:01:53,040 --> 00:01:57,000
which means that if we think of the precedence of how that goes,

38
00:01:57,000 --> 00:02:01,800
that if I try to execute something, then it's going to check the Process,

39
00:02:01,800 --> 00:02:04,940
check the CurrentUser, and then check the LocalMachine,

40
00:02:04,940 --> 00:02:07,730
and then it will determine which one it should be.

41
00:02:07,730 --> 00:02:15,240
In this instance, it will pick this option here, so the RemoteSigned option.

42
00:02:15,240 --> 00:02:19,240
Now I suppose the question would be, What would happen if we try to

43
00:02:19,240 --> 00:02:23,240
execute a PowerShell script here? So, first off,

44
00:02:23,240 --> 00:02:29,040
if I just do a directory, you can see that I have a Test.ps1 script right here,

45
00:02:29,040 --> 00:02:30,640
so I'm going to clear that.

46
00:02:30,640 --> 00:02:36,500
So what I want to be able to do is execute the Test.ps1 file.

47
00:02:36,500 --> 00:02:40,440
So I'm going to execute this here. And notice it just returns back and says,

48
00:02:40,440 --> 00:02:44,990
This is a test script. So it actually executed the command.

49
00:02:44,990 --> 00:02:48,510
Now, if we go back to the list, how does that work?

50
00:02:48,510 --> 00:02:53,360
Well, remember the LocalMachine policy, whether it's RemoteSigned or not,

51
00:02:53,360 --> 00:02:57,790
it will always execute local scripts and commands.

52
00:02:57,790 --> 00:03:03,860
So even though it's been set to RemoteSigned and should require what you would

53
00:03:03,860 --> 00:03:07,540
expect a digital signature assigned to it, if it's local,

54
00:03:07,540 --> 00:03:08,770
it's always going to work.

55
00:03:08,770 --> 00:03:13,740
So that's kind of a practical thing to see. Now if we change that, so I'm

56
00:03:13,740 --> 00:03:19,740
going to say Set‑ExecutionPolicy and just say Restricted,

57
00:03:19,740 --> 00:03:23,430
and then we'll clear that out, and then we'll just go back and say

58
00:03:23,430 --> 00:03:26,720
Get‑ExecutionPolicy, you can see that's been changed.

59
00:03:26,720 --> 00:03:30,040
Now what does that do when we try to execute the script again?

60
00:03:30,040 --> 00:03:32,150
So I'm trying to run it. Now, of course,

61
00:03:32,150 --> 00:03:37,080
this time it now fails the execution of that one because for the specific

62
00:03:37,080 --> 00:03:40,920
scope, we have set it to Restricted, which means nope,

63
00:03:40,920 --> 00:03:42,440
it's not going to work whatsoever.

64
00:03:42,440 --> 00:03:45,330
And we could continue to change the execution policy.

65
00:03:45,330 --> 00:03:46,290
Now, of course,

66
00:03:46,290 --> 00:03:49,240
if we look at changing those in the future to perhaps

67
00:03:49,240 --> 00:03:52,040
having a CurrentUser or even a Process one,

68
00:03:52,040 --> 00:03:55,180
then we can have completely different impacts and different

69
00:03:55,180 --> 00:03:58,290
effects by running the same PowerShell script.

70
00:03:58,290 --> 00:03:59,110
So, for example,

71
00:03:59,110 --> 00:04:03,230
if we had something set at Process, CurrentUser, and LocalMachine,

72
00:04:03,230 --> 00:04:07,570
depending on which one it hit first would determine what would happen.

73
00:04:07,570 --> 00:04:18,000
But it's as simple as executing Get‑ExecutionPolicy ‑List to be able to see the enforced policies for the specific scopes.