Sometimes I’m at a customer where an end-user calls while testing the newly build environment and reports that some settings are not applied. Often these settings are applied through Group Policy or PowerShell scripts.
For the PowerShell part, the first thing I check is the execution policy.
Although I could ask the user to provide me the output of the Get-ExecutionPolicy command, they will probably not appreciate me for asking this.
Next to that, most of the times I get a incident ticket with the message and no contact with the end-user myself.
Because of this, I’ve written this PowerShell function to get the execution policy for a remote computer:
#Usage: Get-RemoteExecutionPolicy Laptop1
function Get-RemoteExecutionPolicy ($TargetName)
{
$RegKey = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey([Microsoft.Win32.RegistryHive]::LocalMachine, $TargetName)
$PSRegKey= $RegKey.OpenSubKey(“SOFTWARE\\Microsoft\\Powershell\\1\\ShellIds\\Microsoft.PowerShell”)
$Policy = ($PSRegKey.getvalue(“ExecutionPolicy”)).tostring()
Return $Policy
}
It is also possible to invoke a command on the remote machine… like this:
Invoke-Command –Computer Laptop1 –ScriptBlock {Get-ExecutionPolicy}
Another way of doing this, is by using a remote PowerShell session… like this:
New-PSSession –Computer Laptop1 | Get-ExecutionPolicy
For more information about the commands to get the execution policy for specific scopes you can read one of my previous posts: PowerShell and the execution policies explained
Correct me if I’m wrong, but I think this is dependent on the remote registry service. For a WMI based query, try this:
function get-RemoteExecutionPolicy{
param(
[string]$computer=”.”)
$executionpolicy=([WMIClass]”\$computerROOTDEFAULT:StdRegProv”).GetStringValue(“2147483650”, “SOFTWARE\Microsoft\Powershell\1\ShellIds\Microsoft.PowerShell”, “Executionpolicy”).svalue
return $executionpolicy
}
Hi Andrew,
Correct, my first option depends on the remote registry service… The second and third do not.
Thanks for your WMI version, good one! 🙂
Jeff.
Hi, there are a couple of caveats to reading the execution policy from the registry such as when Group Policy is used or if an invalid value it set. I’ve documented them here…
http://david-homer.blogspot.co.uk/2015/01/using-regedit-to-view-and-set.html
Hi David,
Thanks for sharing!
Jeff.