AndreasLundgren-3062 asked IanXue-MSFT commented

PowerShell Get-ItemProperty returns wrong value

Hello all,
I am working on a script to test computers for compliance with a set of specifications.
One of these is that the computer must have the PowerShell ExecutionPolicy set to "RemoteSigned".
This is that part of the script:

 $policy=Get-ItemProperty HKLM:\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell -Name ExecutionPolicy
 $policy32=Get-ItemProperty HKLM:\SOFTWARE\WOW6432Node\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell -Name Executionpolicy

The problem is that $policy returns "Unrestricted" even if the registry says otherwise:
[Image: 81037-1.png]



Also, Get-ExecutionPolicy run locally returns "RemoteSigned" as it should.
The script is pushed to the computer by an MDM program and is executed as SYSTEM, 64-bit.
When run locally as administrator, it produces the correct result.
Unfortunately I am stuck running with SYSTEM and can't run as any other user.
I've drawn the conclusion that the execution as SYSTEM has something to do with it but I can't figure out how and why. Any ideas?

windows-server-powershell

Did you run the command on the local computer or the remote computer?


The script is transferred to the computer by an MDM agent on the same computer and executed by the same agent, so from the perspective of the script it is local. When done this way it is run as SYSTEM in a 64-bit context and returns wrong data, "Unrestricted".
The exact same script run as local administrator returns "RemoteSigned" as expected.


IanXue-MSFT (reply to AndreasLundgren-3062):

I'm not sure if the result is retrieved from the local computer. What about the ComputerName?

 Get-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName -Name ComputerName

0 Answers
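
An added example, not part of the thread or of the poster's script: one way to make the compliance check independent of the bitness of the process the agent launches is to open each registry view explicitly and to record the user and process context alongside the values. The function names Get-PolicyFromView and Test-ExecutionPolicyCompliance are hypothetical; the registry path and the expected value are the ones given in the question.

```powershell
# Added example (not the poster's code). Reads ExecutionPolicy from an explicit
# registry view, so a 32-bit host process is not silently redirected to WOW6432Node.
$SubKey   = 'SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell'  # path from the question
$Expected = 'RemoteSigned'                                                   # requirement from the question

function Get-PolicyFromView {   # hypothetical helper name
    param([Microsoft.Win32.RegistryView]$View)
    $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine, $View)
    try {
        $key = $base.OpenSubKey($SubKey)
        if ($null -eq $key) { return $null }              # key absent in this view
        try     { return $key.GetValue('ExecutionPolicy') } # $null when the value is absent
        finally { $key.Dispose() }
    }
    finally { $base.Dispose() }
}

function Test-ExecutionPolicyCompliance {   # hypothetical helper name
    $views = [ordered]@{
        '64-bit' = [Microsoft.Win32.RegistryView]::Registry64
        '32-bit' = [Microsoft.Win32.RegistryView]::Registry32
    }
    foreach ($name in $views.Keys) {
        $value = Get-PolicyFromView -View $views[$name]
        [pscustomobject]@{
            View      = $name
            Value     = if ($null -eq $value) { '<not set>' } else { $value }
            Compliant = ($value -eq $Expected)   # -eq is case-insensitive for strings
        }
    }
}

# Record the context the check actually ran in, so results from the MDM agent
# and from an interactive administrator session can be compared like for like.
[pscustomobject]@{
    User           = [Security.Principal.WindowsIdentity]::GetCurrent().Name
    Is64BitProcess = [Environment]::Is64BitProcess
    Is64BitOS      = [Environment]::Is64BitOperatingSystem
} | Format-List

Test-ExecutionPolicyCompliance | Format-Table -AutoSize

# Effective policy per scope (MachinePolicy, UserPolicy, Process, CurrentUser, LocalMachine).
Get-ExecutionPolicy -List | Format-Table -AutoSize
```

Comparing the output collected under the agent with the output from a local administrator session shows whether the two runs differ in process bitness, in the registry view being read, or in a higher-precedence policy scope.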