SCCM Client Setting – Powershell Execution policy bypass not working on POSH v1.0

 

Edit,

Mystery solved, thanks to Eskonr over at /r/sccm

It just turns out that Posh 1.0 doesn’t support the Bypass parameter,

as stated in link below: PowerShell 1.0 does not support Undefined and Bypass execution policies.

https://technet.microsoft.com/en-us/library/hh846237.aspx?f=255&MSPPError=-2147217396#BKMK_RunPowerShellScript

And Bypass isn’t included in the documentation for the cmdlet Set-ExecutionPolicy for v1.0:

https://technet.microsoft.com/en-us/library/ee176961.aspx

 

 

So I experienced an interesting scenario recently during a deployment. This deployment was aimed at machines running Windows XP, and a bunch of clients were failing. My next step was to try to install the deployment manually on one of the nodes that failed; I was reminded about the execution policy, and the install was successful as soon as the execution policy was changed.

So my thought was that there was some kind of problem with the policy on the local client, but running policy evaluation didn’t show any errors worth noting.

 


 

That led me to take a look at AppEnforce.log to find out what’s happening when the installation is about to get invoked, and I found the following line, which seemed suspicious:

 

  Prepared command line: “C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe” -NoLogo -NonInteractive C:\WINDOWS\ccmcache\12l\Install.ps1

 


 

There was something missing here: where’s the -ExecutionPolicy Bypass parameter?

 

It was after this that I started to look at which version of PowerShell the different clients were running. All of them should be running 2.0, but I found out that all the systems that failed were actually running 1.0.

Next step was to install PowerShell 2.0 (KB968930) and force a policy evaluation refresh (without the policy refresh it still tried to run the command without the -ExecutionPolicy parameter). After that, the executing command line included the correct parameter -ExecutionPolicy Bypass and everything worked perfectly.

 

  Executing Command line: “C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe” -NoLogo -NonInteractive -ExecutionPolicy Bypass C:\WINDOWS\ccmcache\157\Install.ps1 with user context


So by the looks of things, it seems that the client setting can’t apply the execution policy without having PowerShell 2.0 installed.
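To find other clients hitting the same thing, the check done by eye on AppEnforce.log above can be scripted. This is an added example, not code from the original post: the function name `Find-PowerShellLaunch` is hypothetical, and the sample lines are constructed from the two command lines quoted in the post (the CMTrace framing values on the first are made up).

```powershell
# Added example (not from the original post): scan AppEnforce.log text for
# powershell.exe launches and report whether -ExecutionPolicy was passed.
function Find-PowerShellLaunch {
    param(
        [Parameter(Mandatory = $true)]
        [string[]]$Line
    )
    # Covers both "Prepared command line:" and "Executing Command line:" entries.
    $pattern = '(?i)(?:Prepared|Executing) command line:\s*(?<cmd>.*powershell\.exe.*)$'
    foreach ($entry in $Line) {
        if ($entry -match $pattern) {
            # Drop the CMTrace trailer (]LOG]!><time=... >) when the raw log is read.
            $cmd = ($Matches['cmd'] -replace '\]LOG\]!>.*$', '').Trim()
            New-Object PSObject -Property @{
                CommandLine        = $cmd
                HasExecutionPolicy = [bool]($cmd -match '(?i)\s-ExecutionPolicy\s+\S+')
            }
        }
    }
}

# Constructed sample input: the two command lines quoted in the post. The first
# is wrapped in CMTrace framing with placeholder time, thread and file values.
$sample = @(
    '<![LOG[    Prepared command line: "C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe" -NoLogo -NonInteractive C:\WINDOWS\ccmcache\12l\Install.ps1]LOG]!><time="00:00:00.000+000" date="01-01-2000" component="AppEnforce" context="" type="1" thread="0" file="placeholder.cpp:1">',
    '    Executing Command line: "C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe" -NoLogo -NonInteractive -ExecutionPolicy Bypass C:\WINDOWS\ccmcache\157\Install.ps1 with user context'
)

# List only the launches that were built without an execution policy override.
Find-PowerShellLaunch -Line $sample |
    Where-Object { -not $_.HasExecutionPolicy } |
    Select-Object -ExpandProperty CommandLine
```

The function uses PowerShell 2.0 syntax, so run it on an admin workstation against copied logs (pass the output of `Get-Content` for each AppEnforce.log to `-Line`) rather than on the 1.0 clients themselves.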

Has anyone else experienced anything similar before? I find this very interesting and let me know if you have. I will continue to investigate this and see if I can replicate it in other scenarios.

 

Until next time, Cheers Timmy