Hello! I was hoping to see if anyone else in the community has encountered this problem:
Windows 10 includes PowerShell v5 which includes a new security feature called Constrained Language Mode. This feature is automatically activated when application whitelisting is enabled and prevents PowerShell from running "riskier" code. As I understand it based on everything I have read, as long as AppLocker has a whitelist rule for it, those whitelisted scripts should be exempt from Constrained Language. However, this does not appear to be working on our Windows 10 computers. One of my login scripts that is in a whitelisted folder path fails to run and gives the error "Cannot dot-source this command because it was defined in a different language mode" which I understand to mean it is being blocked by Constrained Language mode. I have other scripts in this whitelisted folder path that are working, but they don't appear to be triggering Constrained Language. I have confirmed that the script is not being blocked by AppLocker since the logs confirm that the script was allowed to run by AppLocker. To rule out AppLocker path rules being the problem, I also signed the PowerShell script, whitelisted the cert and tried to run it and encountered the same problem. Has anyone else encountered this problem? If so have you found any workarounds for this? My goal is to avoid disabling Constrained Language mode entirely since I am looking to only allow trusted/whitelisted scripts to be exempt from Constrained Language mode. Thanks! -Aakash Shah
