The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

PowerShell “Set-ExecutionPolicy” via the registry

Posted by jpluimers on 2019/07/10

I wrote about the PowerShell Set-ExecutionPolicy a few times before (links are below).

After writing those, I found out that there is another value, Bypass, and that the policy can be set in the registry not just for the local machine but also for a user. In retrospect, that last observation is a bit obvious, but it is really convenient if you want to change the policy for a user other than yourself.

For the machine and current user, these are the registry paths where Set-ExecutionPolicy will set the value of ExecutionPolicy to the desired enumeration string:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell

The trick is that you can set this for any user if you have their SID, which – for many known entities – you can get from [MS-DTYP]: Well-Known SID Structures via The mother lode of well-known SIDs – The Old New Thing.

For instance, below are the accounts under which most services run, with their registry keys and the matching commands. After executing the command for your target service's account, that service can run PowerShell scripts:

  • LOCAL_SYSTEM : HKEY_USERS\S-1-5-18\Software\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell
  • LOCAL_SERVICE : HKEY_USERS\S-1-5-19\Software\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell
  • NETWORK_SERVICE : HKEY_USERS\S-1-5-20\Software\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell

The commands to set the value of ExecutionPolicy there to RemoteSigned are:

::LOCAL_SYSTEM
reg add "HKEY_USERS\S-1-5-18\Software\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" /v "ExecutionPolicy" /t REG_SZ /d "RemoteSigned" /f

::LOCAL_SERVICE
reg add "HKEY_USERS\S-1-5-19\Software\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" /v "ExecutionPolicy" /t REG_SZ /d "RemoteSigned" /f

::NETWORK_SERVICE
reg add "HKEY_USERS\S-1-5-20\Software\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" /v "ExecutionPolicy" /t REG_SZ /d "RemoteSigned" /f
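
To check what is actually configured in each of these hives, the following read-only audit is an added example (not code from the original post). It reads the ExecutionPolicy value from the registry paths and SIDs listed above; the function name `Get-ExecutionPolicyFromRegistry` and the report layout are made up for this illustration.

```powershell
# Added example: read-only audit of the ExecutionPolicy registry value.
# Nothing is written. Run elevated, otherwise the service-account hives
# under HKEY_USERS may not be readable and will show as absent.
$subKey = 'Software\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell'

# Scope label -> registry root, taken from the paths and SIDs in this post.
$targets = [ordered]@{
    'LocalMachine'    = 'Registry::HKEY_LOCAL_MACHINE'
    'CurrentUser'     = 'Registry::HKEY_CURRENT_USER'
    'LOCAL_SYSTEM'    = 'Registry::HKEY_USERS\S-1-5-18'
    'LOCAL_SERVICE'   = 'Registry::HKEY_USERS\S-1-5-19'
    'NETWORK_SERVICE' = 'Registry::HKEY_USERS\S-1-5-20'
}

# Hypothetical helper name; returns the stored string or a marker when unset.
function Get-ExecutionPolicyFromRegistry {
    param([Parameter(Mandatory)][string]$Root)
    $path = "$Root\$subKey"
    if (-not (Test-Path -LiteralPath $path)) { return '(key absent)' }
    $item = Get-ItemProperty -LiteralPath $path -Name ExecutionPolicy -ErrorAction SilentlyContinue
    if ($null -eq $item) { return '(value not set)' }
    return $item.ExecutionPolicy
}

$report = foreach ($scope in $targets.Keys) {
    [pscustomobject]@{
        Scope           = $scope
        ExecutionPolicy = Get-ExecutionPolicyFromRegistry -Root $targets[$scope]
        Key             = "$($targets[$scope])\$subKey" -replace '^Registry::', ''
    }
}
$report | Format-Table -AutoSize

# List the scopes whose stored policy performs no signature checking,
# so they can be reviewed against what each service really needs.
$report | Where-Object { $_.ExecutionPolicy -in 'Unrestricted', 'Bypass' } |
    ForEach-Object { Write-Warning "$($_.Scope): ExecutionPolicy is $($_.ExecutionPolicy)" }
```

`Get-ExecutionPolicy -List` only reports the scopes of the account that runs it, which is why the service accounts are read from `HKEY_USERS` directly here.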

Related:

–jeroen
