1
00:00:01,140 --> 00:00:03,840
So now that we've looked at the precedents,

2
00:00:03,840 --> 00:00:08,640
how do we actually go about setting execution policies?

3
00:00:08,640 --> 00:00:12,180
Well, to set execution policies, they can be assigned, as we've

4
00:00:12,180 --> 00:00:17,940
talked about, to a default scope or a specific scope.

5
00:00:17,940 --> 00:00:20,580
The default scope will always be LocalMachine,

6
00:00:20,580 --> 00:00:25,650
which will actually affect everybody who goes into that computer. Execution

7
00:00:25,650 --> 00:00:30,210
policies can also be used on a per PowerShell session.

8
00:00:30,210 --> 00:00:32,630
So as we launch the PowerShell client,

9
00:00:32,630 --> 00:00:39,440
we can append what that policy should be to the Start command.

10
00:00:39,440 --> 00:00:42,850
So how do we set the default execution policy? Well, just like the

11
00:00:42,850 --> 00:00:45,980
previous one, to retrieve the current policy, remember,

12
00:00:45,980 --> 00:00:50,220
we retrieved the scopes and the policies last time by using

13
00:00:50,220 --> 00:00:53,210
Get‑ExecutionPolicy with the parameter of ‑List.

14
00:00:53,210 --> 00:00:57,500
This time around, if we just call Get‑ExecutionPolicy,

15
00:00:57,500 --> 00:01:02,240
it will retrieve the current applied policy.

16
00:01:02,240 --> 00:01:06,150
We can then set the execution policy by simply calling

17
00:01:06,150 --> 00:01:09,650
Set‑ExecutionPolicy and then passing in whatever that would be.

18
00:01:09,650 --> 00:01:12,590
So in this instance, I'm setting it to Unrestricted,

19
00:01:12,590 --> 00:01:20,340
which actually is one of the most common levels that you would set it to.

20
00:01:20,340 --> 00:01:25,480
So what about if we wanted to set scoped execution policy? Now think of this.

21
00:01:25,480 --> 00:01:29,560
In the last example, I said Set‑ExecutionPolicy Unrestricted,

22
00:01:29,560 --> 00:01:32,640
which means it will be applied to everything.

23
00:01:32,640 --> 00:01:36,320
But we can go through and set that to those specific scopes.

24
00:01:36,320 --> 00:01:37,170
So if you remember,

25
00:01:37,170 --> 00:01:42,140
we have Process, CurrentUser, and LocalMachine, and then we have our policy.

26
00:01:42,140 --> 00:01:45,630
So in this example here, I'm setting the ExecutionPolicy

27
00:01:45,630 --> 00:01:48,770
to RemoteSigned for the LocalMachine,

28
00:01:48,770 --> 00:01:53,640
which means that will affect everybody who comes into that machine.

29
00:01:53,640 --> 00:01:56,130
The next example here would be, well, actually,

30
00:01:56,130 --> 00:02:01,880
for the current user, I want to allow AllSigned, so a different type of policy.

31
00:02:01,880 --> 00:02:03,770
It's not going to affect everybody.

32
00:02:03,770 --> 00:02:06,640
It will just be the currently logged in user.

33
00:02:06,640 --> 00:02:09,450
And then, of course, we can do this remotely as well.

34
00:02:09,450 --> 00:02:13,630
So in previous PowerShell courses that have been written

35
00:02:13,630 --> 00:02:19,450
and blog posts that have been written, we can learn about Invoke‑Command.

36
00:02:19,450 --> 00:02:24,940
Now the Invoke‑Command is used heavily to run a command on a remote machine.

37
00:02:24,940 --> 00:02:30,050
So, for example, if I need to execute a policy somewhere on a different machine,

38
00:02:30,050 --> 00:02:32,240
I could say Invoke‑Command.

39
00:02:32,240 --> 00:02:34,420
Then, of course, we have the parameter called ComputerName,

40
00:02:34,420 --> 00:02:36,640
which will be the name of the remote machine.

41
00:02:36,640 --> 00:02:39,290
And then the parameter called ScriptBlock lets me

42
00:02:39,290 --> 00:02:41,000
pass in whatever that would be.

43
00:02:41,000 --> 00:02:44,960
And it's as simple as saying Get‑ExecutionPolicy, and

44
00:02:44,960 --> 00:02:47,310
then I can set the execution policy.

45
00:02:47,310 --> 00:02:53,640
Right now it's blank, but I could set that to a specific value.

46
00:02:53,640 --> 00:02:56,740
Now, how do we set the execution policy for a single session?

47
00:02:56,740 --> 00:03:01,020
Let's say you you don't want to have something done by Group Policy.

48
00:03:01,020 --> 00:03:05,100
Or maybe you do, but for this specific PowerShell session,

49
00:03:05,100 --> 00:03:06,940
you want it to be different.

50
00:03:06,940 --> 00:03:10,650
Well, the first thing we do is we can launch PowerShell using the command line,

51
00:03:10,650 --> 00:03:13,550
which is pwsh.exe.

52
00:03:13,550 --> 00:03:16,280
We can actually just launch that from the command line.

53
00:03:16,280 --> 00:03:20,060
What we do is we utilize an execution parameter.

54
00:03:20,060 --> 00:03:23,220
So the parameter is ‑ ExecutionPolicy,

55
00:03:23,220 --> 00:03:27,220
and then we assign the policy, whether it's Unrestricted,

56
00:03:27,220 --> 00:03:30,140
Restricted, or AllSigned.

57
00:03:30,140 --> 00:03:33,460
This will not save this value to the registry.

58
00:03:33,460 --> 00:03:37,780
This is a one‑time execution value for that specific session.

59
00:03:37,780 --> 00:03:46,000
So if you tie all that together, you're going to type pwsh, space, ‑ ExecutionPolicy, and then the policy.