Hey everyone! I'm seeking some help with deploying a PowerShell script for backing up BitLocker keys to Active Directory before enabling BitLocker on target machines. While my script works perfectly when I manually change the execution policy to RemoteSigned, I can't do this for every computer ahead of a GPO deployment.
I've set up the script in a shared folder on our domain controller and configured it in the GPO. The task scheduler is set to trigger it on logon and idle, running the command as follows: Powershell.exe -NoProfile -NonInteractive -WindowStyle Hidden -ExecutionPolicy Bypass -File "\DC04BitlockerBitLocker.ps1". However, when trying to run it, I keep hitting the "Running scripts is disabled on this system" error.
Any ideas on how I can proceed with the deployment without manually adjusting the execution policy on each machine? Thanks!
1 Answer
What I've done to handle the execution policy issue is to use a batch file that sets the policy right before running the PowerShell script. You can execute a command in your batch file like this:
`C:windowsSystem32WindowsPowerShellv1.0powershell.exe -Command "& {Set-ExecutionPolicy RemoteSigned -Force}"` followed by your script. Just remember to reset the execution policy at the end if that’s a concern for you!
Here's a simple template for your batch file. Make sure your .bat and .ps1 files are in the same folder:
```@echo off
PowerShell.exe -NoProfile -ExecutionPolicy Bypass -Command "Start-Process PowerShell -ArgumentList '-NoProfile -ExecutionPolicy Bypass -File "%~dp0NAMEOFSCRIPT.ps1"' -Verb RunAs"```
Just change NAMEOFSCRIPT to your actual script file name. This way, you're good to go!