Bypassing Execution Policy for SCCM Server for Powershell Detection Method

Is is possible to have the execution policy set to remotesigned but have specific hosts set to bypass? I am administering an SCCM 2012 environment and I want to be able to run the Powershell Detection Method for applications but it keeps erroring out that the script is not signed. I tried adding the server to wsman:\localhost\client\truestedhosts but that did not seem to work either. Is this possible?



January 21st, 2014 6:19pm


You do not need to set the execution policy to bypass for the machine to be able to use powershell detection-method.

The Powershell Detection-method considers the application detected if there are any "Write-Host" output.

Here's an example:

$File = "${env:ProgramFiles(x86)}\iTunes\iTunes.exe"       
$UpdatedVersion = ""                               
$CurrentVersion = [system.diagnostics.fileversioninfo]::GetVersionInfo($File)  
if ($CurrentVersion.ProductVersion -like $UpdatedVersion) {                     
    Write-Host "Software Installed"                                              

You have to change to Bypass in the client settings. It's located in SCCM Console -> Administration -> Client Settings -> <Name of your Client Settings> -> Computer Agent -> Powershell execution policy and set it to bypass.

Free Windows Admin Tool Kit Click here and download it now
February 3rd, 2014 8:10pm

Does changing the Client settings to 'Bypass' change the actual computer "Get-ExecutionPolicy' allowing anyone to manually run scripts from PowerShell command line or does it 'Bypass' somehow just for those scripts run by SCCM?

I can and do sign my scripts typically that get deployed so I don't want Bypass, RemoteSigned, or Unrestricted set globally.  But I do want to use my PowerShell script as a detection method.

I have even tried Signing the script I am using as a detection method, but it just reads the script in so I assume it doesn't see the script as signed (it hasn't when I am testing).

August 19th, 2014 5:17pm

I assume you already have found your answer..

But it only bypasses the ones run by SCCM :)

Free Windows Admin Tool Kit Click here and download it now
December 3rd, 2014 7:13pm

Yes, I have and yes you are correct. It did not set it, but that did work for my detection method! Thanks.
December 3rd, 2014 7:45pm

I can't seem to make powershell detection scripts to work even with the client policy set at bypass.

Is there something else that might be needed?   btw our computer GPO requires all signed

Free Windows Admin Tool Kit Click here and download it now
June 9th, 2015 5:15pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics