During OSD we run a bunch of unsigned PowerShell scripts to handle various tasks. As such I'm setting the ExecutionPolicy to Bypass as soon as we get into the OS, which is Windows 7 SP1 amd64 in this case, via PowerShell:
"%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe" -command "Set-ExecutionPolicy -Scope LocalMachine -ExecutionPolicy Bypass -Force"
"%SystemRoot%\syswow64\WindowsPowerShell\v1.0\powershell.exe" -command "Set-ExecutionPolicy -Scope LocalMachine -ExecutionPolicy Bypass -Force"
In addition, the 'PowerShell execution policy' is set to 'Bypass' in 'Computer Agent' of the Default Client Settings, and nothing supersedes that.
We can't rely on the built-in detection rule because it requires confirming a specific file is not found. As such we're relying on the detection method script, which is fairly simple:
# Detection: the product's uninstall key exists AND pdfsel.exe is NOT present.
If (Test-Path -Path 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6EEA9350-5775-407C-9D6E-A875E1312390}' -PathType Container) {
    If (!(Test-Path -Path "${env:ProgramFiles(x86)}\Litera\ChangePro\pdfsel.exe" -PathType Leaf)) {
        Write-Host "Installed"
    }
}
The logic is sound as copying & pasting the above snippet on machines with and without the software yields the expected result.
But during OSD the detection process fails because it is not digitally signed.
In the screenshot above I queried the Powershell registry key to confirm the ExecutionPolicy is Bypass.
What am I missing/doing wrong?
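The following diagnostic is an added example, not part of the original post and not the poster's own script. It reports the execution policy as each of the two PowerShell hosts on an x64 system sees it (the 64-bit host under System32 and the 32-bit host under SysWOW64 read separate registry views, which is why the post sets the policy from both), and dumps the registry values that back the MachinePolicy and LocalMachine scopes. It assumes it is run elevated from a 64-bit PowerShell prompt or a task-sequence command step; the host paths and registry keys are the standard locations, and the `$probe` string and `$hosts` table are names introduced here for illustration.

```powershell
# Added diagnostic (not from the original post): show the effective execution
# policy per scope from BOTH the 64-bit and the 32-bit PowerShell host, plus the
# registry values behind the MachinePolicy and LocalMachine scopes.
# Assumption: run elevated on x64 Windows; paths below are the stock locations.

$hosts = @{
    'x64' = "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell.exe"
    'x86' = "$env:SystemRoot\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"
}

# Keys that back the scopes. Precedence when a policy is set in several scopes:
# MachinePolicy > UserPolicy > Process > CurrentUser > LocalMachine.
$regPaths = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell',                           # MachinePolicy (Group Policy)
    'HKLM:\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell',            # LocalMachine, 64-bit view
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell' # LocalMachine, 32-bit view
)

Write-Output "Registry-backed ExecutionPolicy values:"
foreach ($p in $regPaths) {
    if (Test-Path -Path $p) {
        $v = (Get-ItemProperty -Path $p -ErrorAction SilentlyContinue).ExecutionPolicy
        if ($null -eq $v) { $v = '<value not set>' }
    } else {
        $v = '<key missing>'
    }
    Write-Output ("  {0,-85} {1}" -f $p, $v)
}

# Ask each host for its own view of every scope. -List exists in PowerShell 2.0+,
# which is what Windows 7 SP1 ships with. The probe is passed base64-encoded so
# quoting survives the trip through the child process unchanged.
$probe = "Get-ExecutionPolicy -List | ForEach-Object { '{0,-16} {1}' -f `$_.Scope, `$_.ExecutionPolicy }; 'Effective: ' + (Get-ExecutionPolicy)"
$enc   = [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($probe))

foreach ($arch in $hosts.Keys) {
    $exe = $hosts[$arch]
    if (-not (Test-Path -Path $exe -PathType Leaf)) { continue }   # 32-bit-only OS: no SysWOW64 host
    Write-Output ""
    Write-Output "=== $arch host: $exe ==="
    & $exe -NoProfile -NonInteractive -EncodedCommand $enc
}
```

If the two hosts report different LocalMachine values, or a MachinePolicy value appears that the local `Set-ExecutionPolicy` calls cannot override, that is the scope the failing host is honouring; compare its output with what the detection script sees when it is launched under that host.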