Forum Discussion
How to allow powershell in managed device?
HI everyone, newbie admin here.
I am in the process of learning out to use the EndPoint Manager and I have enrolled my first device, which will be my work laptop. It is running windows 11 enterprise and it is enrolled in tenant with an account licensed at an 0365 A3 level.
Up until there, everything seems fine, but I stumbled into a problem. I can't run powershell cmdlets. It's a fine restriction to have on 99% of the systems I'll be administering, but I need to run it on mine for user creation, and general maintence, etc.
I can run the powershell cmdlets if a login as another, unmanaged , user, so it's not an install problem.
I have alllowed, through MMC the running of scripts, and through the endpoint managers the running of powershell scripts, but nothing happened. I know other policies are being applied and synced to the device, so I out of ideas.
See the pictures below:
Any suggestions?
This might be TLS 1.2 issue, can you run this ps and then install the module?
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Moe- No, that does nothing to the problem. But thanks anyways.
- Hi,
- Backup Exexcution Value :
$BkpEP = Get-ExecutionPolicy -List
- Then reduce the ExecutionPolicy level :
Set-ExecutionPolicy -ExexcutionPolicy
- Import your module
- when it’s done revert back the ExecutionPolicy value
Set-ExecutionPolicy -ExecutionPolicy $BkpEP
Be carefull, if you stay with ExecutionPolicy to Bypass you are under security riskI get this error and still not allowing me to run it or load the module
PS C:\Users\FlavioNeto> Set-ExecutionPolicy -ExecutionPolicy Bypass Set-ExecutionPolicy : Windows PowerShell updated your execution policy successfully, but the setting is overridden by a policy defined at a more specific scope. Due to the override, your shell will retain its current effective execution policy of Unrestricted. Type "Get-ExecutionPolicy -List" to view your execution policy settings. For more information please see "Get-Help Set-ExecutionPolicy". At line:1 char:1 + Set-ExecutionPolicy -ExecutionPolicy Bypass + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : PermissionDenied: (:) [Set-ExecutionPolicy], SecurityException + FullyQualifiedErrorId : ExecutionPolicyOverride,Microsoft.PowerShell.Commands.SetExecutionPolicyCommand- Run the Get-ExecutionPolicy -List
That will display your actual config to find at what level it’s apply.
Any chance that you have a GPO in conflict with your CSP ?
If you don’t set the MDMWinsOverGP your GPO win and CSP never apply
https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-controlpolicyconflict
