How to restrict users and admins from running unsigned PowerShell scripts? CSP/ADMX?
Devices are AAD joined and being enrolled with Autopilot. Someone please advise on the better options.
You cannot directly enforce the PowerShell execution policy today using a CSP, and the ADMX for this is currently blocked for use via an MDM.
The block is being removed and the ADMX will be surfaced in Intune soon though. Both of these should be available by summer for all supported versions of Windows (although that's not a guaranteed timeline or commitment).
For now, the best you can do is set the appropriate registry value, I believe, although I haven't actually tried this (or if I have, I don't remember).
@SukeshChandran-5628, Agree with Jason. Based on my research, the execution policies can only allow scripts signed by a trusted publisher to be run. We can change the execution policy for the LocalMachine scope by setting the string value ExecutionPolicy to AllSigned under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell. We can see more details in the following link:
https://winaero.com/change-powershell-execution-policy-windows-10/
Note: Non-Microsoft link, just for reference.
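The registry change described in the answers above, as an added example that is not part of the original thread: it sets `ExecutionPolicy` to `AllSigned` under the key named there, in both the 64-bit and 32-bit registry views, then lists the policy at every scope. The function name `Set-LocalMachineExecutionPolicy` is hypothetical, and the script assumes it runs elevated (for example as SYSTEM from a device-targeted management script).

```powershell
# Added example, not from the thread. Applies to Windows PowerShell, which reads
# its LocalMachine execution policy from the registry key quoted in the answer.
$subKey  = 'SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell'
$desired = 'AllSigned'

function Set-LocalMachineExecutionPolicy {   # hypothetical helper name
    param(
        [Microsoft.Win32.RegistryView]$View,
        [string]$SubKey,
        [string]$Value
    )
    # Open HKLM in an explicit view so a 32-bit host is not silently
    # redirected to WOW6432Node (and a 64-bit host can reach it on purpose).
    $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine, $View)
    try {
        $key = $base.CreateSubKey($SubKey)   # opens writable, creates if missing
        try {
            $previous = $key.GetValue('ExecutionPolicy', $null)
            if ($previous -ne $Value) {
                $key.SetValue('ExecutionPolicy', $Value,
                    [Microsoft.Win32.RegistryValueKind]::String)
            }
            [pscustomobject]@{
                View     = $View
                Previous = $previous
                Current  = $key.GetValue('ExecutionPolicy')
            }
        } finally { $key.Dispose() }
    } finally { $base.Dispose() }
}

# 64-bit and 32-bit Windows PowerShell each read their own copy of the value.
$views = @([Microsoft.Win32.RegistryView]::Registry64)
if ([Environment]::Is64BitOperatingSystem) {
    $views += [Microsoft.Win32.RegistryView]::Registry32
}

$results = foreach ($view in $views) {
    Set-LocalMachineExecutionPolicy -View $view -SubKey $subKey -Value $desired
}
$results | Format-Table -AutoSize

# Get-ExecutionPolicy -List prints scopes in precedence order; LocalMachine is
# last, so a value at MachinePolicy, UserPolicy, Process or CurrentUser wins.
Get-ExecutionPolicy -List | Format-Table -AutoSize
```

If the final table shows anything other than `Undefined` above the `LocalMachine` row, that scope's value is the effective policy for the session, not the registry value set here.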