Hi
In Endpoint security we have an attack surface reduction policy setup.
We noticed that this policy was preventing our PowerShell scripts from running from SCCM.
We made an exclusion here:

This allowed SCCM to execute scripts one the exception was made.
The issue however is, this will allow the end user to execute PowerShell scripts as well since their is an exclusion.
Is there anyway to let SCCM be excluded but still prevent users from running PowerShell scripts?
Thanks

