Getting the PowerShell execution policy for a remote device

Sometimes I’m at a customer where an end-user calls while testing the newly build environment and reports that some settings are not applied. Often these settings are applied through Group Policy or PowerShell scripts.
For the PowerShell part, the first thing I check is the execution policy.

Although I could ask the user to provide me the output of the Get-ExecutionPolicy command, they will probably not appreciate me for asking this.
Next to that, most of the times I get a incident ticket with the message and no contact with the end-user myself.
Because of this, I’ve written this PowerShell function to get the execution policy for a remote computer:

#Usage: Get-RemoteExecutionPolicy Laptop1
function Get-RemoteExecutionPolicy ($TargetName)
$RegKey = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey([Microsoft.Win32.RegistryHive]::LocalMachine, $TargetName)
$PSRegKey= $RegKey.OpenSubKey(“SOFTWARE\\Microsoft\\Powershell\\1\\ShellIds\\Microsoft.PowerShell”)
$Policy = ($PSRegKey.getvalue(“ExecutionPolicy”)).tostring()
Return $Policy

It is also possible to invoke a command on the remote machine… like this:

Invoke-Command –Computer Laptop1 –ScriptBlock {Get-ExecutionPolicy}

Another way of doing this, is by using a remote PowerShell session… like this:

New-PSSession –Computer Laptop1 | Get-ExecutionPolicy

For more information about the commands to get the execution policy for specific scopes you can read one of my previous posts: PowerShell and the execution policies explained


  1. Correct me if I’m wrong, but I think this is dependent on the remote registry service. For a WMI based query, try this:

    function get-RemoteExecutionPolicy{

        $executionpolicy=([WMIClass]”\$computerROOTDEFAULT:StdRegProv”).GetStringValue(“2147483650”, “SOFTWARE\Microsoft\Powershell\1\ShellIds\Microsoft.PowerShell”, “Executionpolicy”).svalue
        return $executionpolicy

  2. Jeff Wouters says:

    Hi Andrew,
    Correct, my first option depends on the remote registry service… The second and third do not.
    Thanks for your WMI version, good one! 🙂

  3. David Homer says:

    Hi, there are a couple of caveats to reading the execution policy from the registry such as when Group Policy is used or if an invalid value it set. I’ve documented them here…

  4. Jeff Wouters says:

    Hi David,
    Thanks for sharing!

Leave a Reply

Your email address will not be published. Required fields are marked *