How to set BESClient PowerShell DisableExecPolicyBypass in bigfix configuration setting

Hi,

I would like to check if anyone has used the _BESClient_PowerShell_DisableExecPolicyBypass native BigFix command before? How do I make it work so that the PowerShell cmdlets that I wish to distribute to client machines will be successful?

I tried the below but it did not work.

setting "_BESClient_PowerShell_DisableExecPolicyBypass"="True" on "{parameter "action issue date" of action}" for client

https://help.hcltechsw.com/bigfix/10.0/patch/Platform/Config/r_client_set.html#r_client_set__misc

Set the value to “1” to enable or “0” to disable the setting


@greeks516 - "When this setting is enabled (value is set to 1), the script runs without the -ExecutionPolicy Bypass option and the Client uses the default execution policy set in the operating system."

To check the default execution policy set in the operating system:
This command displays the execution policies for each scope in the order of precedence.
Get-ExecutionPolicy -List

Scope ExecutionPolicy
----- ---------------
MachinePolicy Undefined
UserPolicy Undefined
Process Undefined
CurrentUser AllSigned
LocalMachine Undefined

To Set an execution policy:
This example shows how to set an execution policy for the local computer

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope LocalMachine
Get-ExecutionPolicy -List

Scope ExecutionPolicy
----- ---------------
MachinePolicy Undefined
UserPolicy Undefined
Process Undefined
CurrentUser AllSigned
LocalMachine RemoteSigned

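As an added example (not part of the thread and not BigFix code), this PowerShell function resolves which scope's policy applies when a script is started without -ExecutionPolicy Bypass, following the precedence order that Get-ExecutionPolicy -List displays. The function names, the $OsDefault parameter and the sample data (constructed from the listing above) are assumptions for illustration; on an endpoint, feed it Get-ExecutionPolicy -List run in the same account context as the client service.

```powershell
# Added example: resolve the execution policy that is enforced when no
# -ExecutionPolicy switch is passed (the case with DisableExecPolicyBypass = 1).
function Resolve-EffectiveExecutionPolicy {
    param(
        # Objects with Scope and ExecutionPolicy properties, as emitted by Get-ExecutionPolicy -List
        [Parameter(Mandatory)] [object[]] $PolicyList,
        # Assumption: Windows client edition. Windows Server defaults to RemoteSigned.
        [string] $OsDefault = 'Restricted'
    )
    # Precedence, highest first; the first scope that is not Undefined wins.
    $order = 'MachinePolicy', 'UserPolicy', 'Process', 'CurrentUser', 'LocalMachine'
    foreach ($scope in $order) {
        $entry = $PolicyList | Where-Object { "$($_.Scope)" -eq $scope } | Select-Object -First 1
        if ($entry -and "$($entry.ExecutionPolicy)" -ne 'Undefined') {
            return [pscustomobject]@{ Scope = $scope; Policy = "$($entry.ExecutionPolicy)" }
        }
    }
    # Every scope is Undefined: PowerShell falls back to its built-in default.
    return [pscustomobject]@{ Scope = 'OsDefault'; Policy = $OsDefault }
}

function Test-UnsignedLocalScriptAllowed {
    param([Parameter(Mandatory)] [string] $Policy)
    # Restricted runs no scripts; AllSigned requires a trusted signature on every script.
    # RemoteSigned only requires signatures on scripts that came from the internet.
    return $Policy -in 'RemoteSigned', 'Unrestricted', 'Bypass'
}

# Constructed sample mirroring the second listing in the post above.
$sample = @(
    [pscustomobject]@{ Scope = 'MachinePolicy'; ExecutionPolicy = 'Undefined' }
    [pscustomobject]@{ Scope = 'UserPolicy';    ExecutionPolicy = 'Undefined' }
    [pscustomobject]@{ Scope = 'Process';       ExecutionPolicy = 'Undefined' }
    [pscustomobject]@{ Scope = 'CurrentUser';   ExecutionPolicy = 'AllSigned' }
    [pscustomobject]@{ Scope = 'LocalMachine';  ExecutionPolicy = 'RemoteSigned' }
)

$result  = Resolve-EffectiveExecutionPolicy -PolicyList $sample
$allowed = Test-UnsignedLocalScriptAllowed -Policy $result.Policy
'Effective policy: {0} (from scope {1}); unsigned local script allowed: {2}' -f `
    $result.Policy, $result.Scope, $allowed

# Live check on an endpoint:
# Resolve-EffectiveExecutionPolicy -PolicyList (Get-ExecutionPolicy -List)
```

With the sample data, CurrentUser outranks LocalMachine, so the effective policy is AllSigned and an unsigned script would be refused even though LocalMachine is RemoteSigned.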

Hi @trn,

I did try using setting "_BESClient_PowerShell_DisableExecPolicyBypass"="1", but the action failed at this point and couldn’t complete the rest.

May I ask if there is still any action that I missed after inputting setting "_BESClient_PowerShell_DisableExecPolicyBypass"="1" "xxxxxx"?

Is there anything that I need to input in "xxxxx"?

Hi @orbiton,

I have scripted the below using BigFix action script, with the script type set to “PowerShell”.
I scripted the below cmdlets and they were successfully executed with exit code ‘0’ returned, but this was overridden with error ‘-1’.

I was wondering if I can use setting "_BESClient_PowerShell_DisableExecPolicyBypass"="1" to replace Set-ItemProperty hklm:\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell -Name ExecutionPolicy -Value unrestricted


set-location hklm:\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell

Set-ItemProperty hklm:\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell -Name ExecutionPolicy -Value unrestricted

Enable-WindowsOptionalFeature -Online -featurename Windows-Defender-ApplicationGuard -Norestart

Enable-WindowsOptionalFeature -Online -featurename Microsoft-Hyper-V-All -Norestart

Set-ItemProperty hklm:\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell -Name ExecutionPolicy -Value restricted

Hi @greeks516

If your environment does not enforce a specific execution policy, you can do the following:

Create an action with the “PowerShell” type.
There you will only need to paste:

Enable-WindowsOptionalFeature -Online -featurename Windows-Defender-ApplicationGuard -Norestart

Enable-WindowsOptionalFeature -Online -featurename Microsoft-Hyper-V-All -Norestart

In reality, it will create a PS1 file with those lines and will add the “Bypass” execution policy switch.
That way, you don’t need to change the LocalMachine setting.

Don’t add registry changes to the execution policy in the PowerShell script.