This discussion in the Spiceworks forums discusses the root cause and has a couple of workarounds:
https://community.spiceworks.com/topic/1451109-srp-whitelist-causing-odd-behavior-in-powershell-v5 Unfortunately, I haven't seen anything more definitive. Maybe MBS has some insider knowledge on this. IIRC, you can bypass this issue completely by going back to an older version of PS. -- Espi On Fri, Oct 27, 2017 at 3:09 PM, Aakash Shah <[email protected]> wrote: > Hello! I was hoping to see if anyone else in the community has > encountered this problem: > > > > Windows 10 includes PowerShell v5 which includes a new security feature > called Constrained Language Mode. This feature is automatically activated > when application whitelisting is enabled and prevents PowerShell from > running “riskier” code. > > > > As I understand it based on everything I have read, as long as AppLocker > has a whitelist rule for it, those whitelisted scripts should be exempt > from Constrained Language. However, this does not appear to be working on > our Windows 10 computers. One of my login scripts that is in a whitelisted > folder path fails to run and gives the error “Cannot dot-source this > command because it was defined in a different language mode” which I > understand to mean it is being blocked by Constrained Language mode. I > have other scripts in this whitelisted folder path that are working, but > they don’t appear to be triggering Constrained Language. > > > > I have confirmed that the script is not being blocked by AppLocker since > the logs confirm that the script was allowed to run by AppLocker. > > > > To rule out AppLocker path rules being the problem, I also signed the > PowerShell script, whitelisted the cert and tried to run it and encountered > the same problem. > > > > Has anyone else encountered this problem? If so have you found any > workarounds for this? My goal is to avoid disabling Constrained Language > mode entirely since I am looking to only allow trusted/whitelisted scripts > to be exempt from Constrained Language mode. > > > > Thanks! > > > > -Aakash Shah > > >
