1
00:00:00,440 --> 00:00:03,450
So let's go back onto our Windows machine, and we'll first

2
00:00:03,450 --> 00:00:08,540
retrieve the current execution policy, the one that's applied right now.

3
00:00:08,540 --> 00:00:11,370
We'll then set the default execution policy,

4
00:00:11,370 --> 00:00:14,200
which means it's going to go into the local computer one.

5
00:00:14,200 --> 00:00:18,840
We'll then set a scoped execution policy. And then lastly,

6
00:00:18,840 --> 00:00:22,520
we'll launch a new PowerShell session with a different

7
00:00:22,520 --> 00:00:26,740
execution policy to the scoped and the default.

8
00:00:26,740 --> 00:00:28,780
Okay, so we're back in the PowerShell window,

9
00:00:28,780 --> 00:00:31,970
and this time what we want to be able to do is see

10
00:00:31,970 --> 00:00:34,840
what the current execution policy is.

11
00:00:34,840 --> 00:00:36,930
Now, the last time we went here,

12
00:00:36,930 --> 00:00:39,970
we chose Get‑ExecutionPolicy, and if you remember,

13
00:00:39,970 --> 00:00:45,640
we chose the word list, which gave us what our setting should actually be.

14
00:00:45,640 --> 00:00:50,140
Now if we actually remove the list option and just press Enter,

15
00:00:50,140 --> 00:00:54,220
it will actually return the specific setting for the

16
00:00:54,220 --> 00:00:57,100
execution policy that we have as default,

17
00:00:57,100 --> 00:01:00,530
which will be the local machine. Now, if I wanted

18
00:01:00,530 --> 00:01:04,210
to change that as we did before, I could then say,

19
00:01:04,210 --> 00:01:07,550
Set‑ExecutionPolicy Unrestricted, get the policy,

20
00:01:07,550 --> 00:01:09,530
and it would return that value.

21
00:01:09,530 --> 00:01:11,910
Now of course, as you can see every time I set the value,

22
00:01:11,910 --> 00:01:15,680
it's only updating the local machine option, it isn't

23
00:01:15,680 --> 00:01:19,220
making a change to any of the other scopes,

24
00:01:19,220 --> 00:01:22,860
and that's because when we're defining a policy for a scope,

25
00:01:22,860 --> 00:01:26,340
we actually have to pass the scope in place.

26
00:01:26,340 --> 00:01:32,060
So let's just do Get‑ExecutionPolicy again with the list and we get

27
00:01:32,060 --> 00:01:35,360
our list of Process, CurrentUser, and LocalMachine.

28
00:01:35,360 --> 00:01:38,380
So right now, our default policy is unrestricted.

29
00:01:38,380 --> 00:01:44,490
So I'm going to set this one back Set‑Execution to Restricted and you'll

30
00:01:44,490 --> 00:01:48,040
see that means my local machine is now restricted.

31
00:01:48,040 --> 00:01:53,160
What I'm then going to do is now set a scope level one

32
00:01:53,160 --> 00:01:56,640
instead, so Set‑ExecutionPolicy.

33
00:01:56,640 --> 00:02:01,890
I'm going to say ExecutionPolicy, let's do RemoteSigned, and then I'm going to

34
00:02:01,890 --> 00:02:07,640
set the scope of that to CurrentUser, and then press Enter.

35
00:02:07,640 --> 00:02:12,590
Now I'm going to go back and choose get the list.

36
00:02:12,590 --> 00:02:17,990
Now you can see that we have two different types of

37
00:02:17,990 --> 00:02:21,600
policies associated to two different scopes.

38
00:02:21,600 --> 00:02:26,130
Now remember how we executed the test command, well the test PowerShell script,

39
00:02:26,130 --> 00:02:28,740
what effect does that have now?

40
00:02:28,740 --> 00:02:34,310
So if we say Test.ps1, notice that it executes. Why does it do that?

41
00:02:34,310 --> 00:02:37,140
Because, of course, when we learned about precedence,

42
00:02:37,140 --> 00:02:41,590
it will hit current user before it hits local machine and

43
00:02:41,590 --> 00:02:43,910
it adopts the remote signed option,

44
00:02:43,910 --> 00:02:50,050
which means that we're now able to execute that versus it being restricted.

45
00:02:50,050 --> 00:02:52,040
So let's change that around a little bit.

46
00:02:52,040 --> 00:02:57,740
So let me go back to here, CurrentUser, and we'll change the

47
00:02:57,740 --> 00:03:04,140
ExecutionPolicy, so Restricted, and we'll say Scope is CurrentUser.

48
00:03:04,140 --> 00:03:09,110
Then we'll also run this a little bit differently and we'll then

49
00:03:09,110 --> 00:03:17,590
say Unrestricted ‑Scope LocalMachine. Now,

50
00:03:17,590 --> 00:03:18,780
notice what's happened here.

51
00:03:18,780 --> 00:03:22,160
It says PowerShell updated the policy successfully,

52
00:03:22,160 --> 00:03:25,740
but the setting might be overridden by something else.

53
00:03:25,740 --> 00:03:29,440
So let's have a look at the execution policy that we've got

54
00:03:29,440 --> 00:03:32,530
like so. So now we can see that we have CurrentUser is

55
00:03:32,530 --> 00:03:36,340
Restricted, LocalMachine is Unrestricted.

56
00:03:36,340 --> 00:03:40,690
So now the question would be which one of those will actually happen.

57
00:03:40,690 --> 00:03:44,090
So if we go back to our PowerShell script, notice what

58
00:03:44,090 --> 00:03:47,530
happens, it gets blocked by the current user one,

59
00:03:47,530 --> 00:03:50,290
even though the local machine one is completely

60
00:03:50,290 --> 00:03:54,790
unrestricted so there is a practical example of precedence

61
00:03:54,790 --> 00:03:57,180
of those things that are there. Now, of course,

62
00:03:57,180 --> 00:04:04,090
what we can do is we can also try to run PowerShell with a specific policy.

63
00:04:04,090 --> 00:04:08,650
So what I'm going to do here is just clear this and I'm actually going to go

64
00:04:08,650 --> 00:04:13,130
to the menu here and just choose command prompt because what I want to be able

65
00:04:13,130 --> 00:04:19,060
to do is actually launch PowerShell, so pwsh, and then what I'm going to do

66
00:04:19,060 --> 00:04:27,040
here ExecutionPolicy and Unrestricted.

67
00:04:27,040 --> 00:04:29,270
Now, notice what happened here.

68
00:04:29,270 --> 00:04:32,680
I just told it to launch PowerShell inside a command prompt,

69
00:04:32,680 --> 00:04:34,940
which we've done 1000 times.

70
00:04:34,940 --> 00:04:37,960
Now what I'm going to do here is say get the execution

71
00:04:37,960 --> 00:04:41,110
policy and notice its unrestricted.

72
00:04:41,110 --> 00:04:42,230
Now, bear in mind,

73
00:04:42,230 --> 00:04:49,220
the default policy for the machine was restricted, so for whatever reason,

74
00:04:49,220 --> 00:04:52,070
when I ran it with the execution policy as unrestricted,

75
00:04:52,070 --> 00:04:57,780
it now adopts that, so let's do Get‑ExecutionPolicy and list and

76
00:04:57,780 --> 00:05:01,830
you'll see that process now has a value, current user has a

77
00:05:01,830 --> 00:05:05,030
value, and local machine has a value.

78
00:05:05,030 --> 00:05:09,430
Now, the process one only runs in the context of this kind of tab.

79
00:05:09,430 --> 00:05:16,380
If I go to this tab here, and if I do Get‑ExecutionPolicy and

80
00:05:16,380 --> 00:05:21,400
List, so you can see we have no process defined, so what should

81
00:05:21,400 --> 00:05:23,110
happen is it should be restricted.

82
00:05:23,110 --> 00:05:24,280
So I'm going to say Test,

83
00:05:24,280 --> 00:05:28,890
which it does, but if I go back on this side and say Test,

84
00:05:28,890 --> 00:05:30,840
it will execute.

85
00:05:30,840 --> 00:05:34,350
So it's really important to understand where to assign those policies.

86
00:05:34,350 --> 00:05:36,850
Do you assign them at the process level because it's just

87
00:05:36,850 --> 00:05:38,910
going to work for that specific session,

88
00:05:38,910 --> 00:05:41,100
or do we set them at the current user,

89
00:05:41,100 --> 00:05:45,340
or do we just use the default options and put it as a local machine?

90
00:05:45,340 --> 00:05:49,100
So depending the one that you choose will dictate whether the

91
00:05:49,100 --> 00:05:52,410
script can actually execute or not, but in reality,

92
00:05:52,410 --> 00:05:56,530
it's the same syntax. We're going to choose Get‑ExecutionPolicy to

93
00:05:56,530 --> 00:06:01,170
retrieve the currently enforced one or we're going to do list to get

94
00:06:01,170 --> 00:06:08,000
the list by policy and by scope, and then we can use Set‑ExecutionPolicy to choose what we would need.