deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 05:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md
Meghana Athavale 0efafa2077 Updated
2021-09-24 13:54:53 +05:30

10 KiB
Raw Blame History

title, description, ms.author, ms.localizationpriority, ms.topic, ms.prod, ms.technology, author, ms.date, ms.reviewer, manager
title description ms.author ms.localizationpriority ms.topic ms.prod ms.technology author ms.date ms.reviewer manager
Policy CSP - ADMX_PowerShellExecutionPolicy Policy CSP - ADMX_PowerShellExecutionPolicy dansimp medium article w10 windows manikadhiman 10/26/2020 dansimp

Policy CSP - ADMX_PowerShellExecutionPolicy

Tip

These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see Understanding ADMX-backed policies.

You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to Enabling a policy.

The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.

ADMX_PowerShellExecutionPolicy policies

ADMX_PowerShellExecutionPolicy/EnableModuleLogging
ADMX_PowerShellExecutionPolicy/EnableScripts
ADMX_PowerShellExecutionPolicy/EnableTranscripting
ADMX_PowerShellExecutionPolicy/EnableUpdateHelpDefaultSourcePath

ADMX_PowerShellExecutionPolicy/EnableModuleLogging

Edition Windows 10 Windows 11
Home No No
Pro No No
Business No No
Enterprise Yes Yes
Education Yes Yes

Scope:

[!div class = "checklist"]

  • Device
  • User

This policy setting allows you to turn on logging for Windows PowerShell modules.

If you enable this policy setting, pipeline execution events for members of the specified modules are recorded in the Windows PowerShell log in Event Viewer. Enabling this policy setting for a module is equivalent to setting the LogPipelineExecutionDetails property of the module to True.

If you disable this policy setting, logging of execution events is disabled for all Windows PowerShell modules. Disabling this policy setting for a module is equivalent to setting the LogPipelineExecutionDetails property of the module to False. If this policy setting is not configured, the LogPipelineExecutionDetails property of a module or snap-in determines whether the execution events of a module or snap-in are logged. By default, the LogPipelineExecutionDetails property of all modules and snap-ins is set to False.

To add modules and snap-ins to the policy setting list, click Show, and then type the module names in the list. The modules and snap-ins in the list must be installed on the computer.

Note

This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting.

ADMX Info:

  • GP Friendly name: Turn on Module Logging
  • GP name: EnableModuleLogging
  • GP path: Windows Components\Windows PowerShell
  • GP ADMX file name: PowerShellExecutionPolicy.admx

ADMX_PowerShellExecutionPolicy/EnableScripts

Edition Windows 10 Windows 11
Home No No
Pro No No
Business No No
Enterprise Yes Yes
Education Yes Yes

Scope:

[!div class = "checklist"]

  • Device
  • User

This policy setting lets you configure the script execution policy, controlling which scripts are allowed to run.

If you enable this policy setting, the scripts selected in the drop-down list are allowed to run. The "Allow only signed scripts" policy setting allows scripts to execute only if they are signed by a trusted publisher.

The "Allow local scripts and remote signed scripts" policy setting allows any local scripts to run; scripts that originate from the Internet must be signed by a trusted publisher. The "Allow all scripts" policy setting allows all scripts to run.

If you disable this policy setting, no scripts are allowed to run.

Note

This policy setting exists under both "Computer Configuration" and "User Configuration" in the Local Group Policy Editor. The "Computer Configuration" has precedence over "User Configuration." If you disable or do not configure this policy setting, it reverts to a per-machine preference setting; the default if that is not configured is "No scripts allowed."

ADMX Info:

  • GP Friendly name: Turn on Script Execution
  • GP name: EnableScripts
  • GP path: Windows Components\Windows PowerShell
  • GP ADMX file name: PowerShellExecutionPolicy.admx

ADMX_PowerShellExecutionPolicy/EnableTranscripting

Edition Windows 10 Windows 11
Home No No
Pro No No
Business No No
Enterprise Yes Yes
Education Yes Yes

Scope:

[!div class = "checklist"]

  • Device
  • User

This policy setting lets you capture the input and output of Windows PowerShell commands into text-based transcripts.

If you enable this policy setting, Windows PowerShell will enable transcripting for Windows PowerShell, the Windows PowerShell ISE, and any other applications that leverage the Windows PowerShell engine. By default, Windows PowerShell will record transcript output to each users' My Documents directory, with a file name that includes 'PowerShell_transcript', along with the computer name and time started. Enabling this policy is equivalent to calling the Start-Transcript cmdlet on each Windows PowerShell session.

If you disable this policy setting, transcripting of PowerShell-based applications is disabled by default, although transcripting can still be enabled through the Start-Transcript cmdlet.

If you use the OutputDirectory setting to enable transcript logging to a shared location, be sure to limit access to that directory to prevent users from viewing the transcripts of other users or computers.

Note

This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting.

ADMX Info:

  • GP Friendly name: Turn on PowerShell Transcription
  • GP name: EnableTranscripting
  • GP path: Windows Components\Windows PowerShell
  • GP ADMX file name: PowerShellExecutionPolicy.admx

ADMX_PowerShellExecutionPolicy/EnableUpdateHelpDefaultSourcePath

Edition Windows 10 Windows 11
Home No No
Pro No No
Business No No
Enterprise Yes Yes
Education Yes Yes

Scope:

[!div class = "checklist"]

  • Device
  • User

This policy setting allows you to set the default value of the SourcePath parameter on the Update-Help cmdlet.

If you enable this policy setting, the Update-Help cmdlet will use the specified value as the default value for the SourcePath parameter. This default value can be overridden by specifying a different value with the SourcePath parameter on the Update-Help cmdlet.

If this policy setting is disabled or not configured, this policy setting does not set a default value for the SourcePath parameter of the Update-Help cmdlet.

Note

This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting.

ADMX Info:

  • GP Friendly name: Set the default source path for Update-Help
  • GP name: EnableUpdateHelpDefaultSourcePath
  • GP path: Windows Components\Windows PowerShell
  • GP ADMX file name: PowerShellExecutionPolicy.admx