PS extension sets execution policy?

[rjmholt]

I've been hitting an issue where I couldn't debug scripts because, even though my execution policy was set machine-wide to Bypass, my integrated console was reporting RemoteSigned.

It looks like this is set here but I'm not sure why. Shouldn't we just inherit the right execution policy?

[TylerLeonhardt]

We already start with Bypass so I don't really see why we need this. We should get rid of that code.

[IainM-NZ]

The integrated terminal should follow the machine settings, it's frustrating having to set the policy each time. New (powershell) terminals created do use the correct execution settings, no reason for the integrated one to be different.

[rjmholt]

Ok I've played with this a bit now. It's not trivial.

When we start PSES, we're forced to run it with execution policy Bypass to be able to load the modules that users depend on as part of their experience. That means we can't simply inherit the execution policy, since it's been overridden.

So the remaining solution is to remember the initial execution policy and transmit that. The problem there is that the starting process is node, rather than PowerShell, meaning we'd need to start another PowerShell process to discover the execution policy, leading to greater startup time cost.

Increasing startup time is something I'm fairly reluctant to do, since it's already a pain point. But I'm not sure what other avenues are available to us to fix this.

[SeeminglyScience]

So the remaining solution is to remember the initial execution policy and transmit that. The problem there is that the starting process is node, rather than PowerShell, meaning we'd need to start another PowerShell process to discover the execution policy, leading to greater startup time cost.

You can query the other scopes in the same process, so running something like below before we run profiles could work.

$userPolicy = Get-ExecutionPolicy -Scope User
if ($userPolicy -ne [Microsoft.PowerShell.ExecutionPolicy]::Undefined) {
    Set-ExecutionPolicy -Scope Process -ExecutionPolicy $userPolicy -Force
    return
}

$machinePolicy = Get-ExecutionPolicy -Scope Machine
Set-ExecutionPolicy -Scope Process -ExecutionPolicy $machinePolicy -Force

Does really make me wish setting it to Undefined wasn't a no-op though...

Anyway, still not free, but cheaper than starting another process.

[rjmholt]

I was just having a similar thought! I’ll keep plugging on this