I have two CIRs for Powershell's Script Execution Policies as these will behave differently when set in the shell:

ShellCommandtextReturn(%systemroot%\syswow64\windowspowershell\v1.0\powershell.exe "get-executionpolicy")


ShellCommandtextReturn(%systemroot%\system32\windowspowershell\v1.0\powershell.exe "get-executionpolicy")

This returns "restricted" for the first and "unrestricted" for the second when I run the command locally as expected. When I use psexec to run under the system context it behaves exactly the same.  

The CIR returns "unrestricted" for both.  

The log has both commands listed correctly with the "Unrestricted" values for both:

[Mon May 20 13:20:02 2013] [CDeployController::ExecuteCustomInventoryRule] issuing rule [ShellCommandtextReturn(%systemroot%\syswow64\windowspowershell\v1.0\powershell.exe "get-executionpolicy");]

[Mon May 20 13:20:04 2013] [CDeployController::ExecuteCustomInventoryRule] issuing rule [ShellCommandtextReturn(%systemroot%\system32\windowspowershell\v1.0\powershell.exe "get-executionpolicy");]

Any thoughts on why the CIR is behaving differently than running the command directly?


Answer Summary:
1 Comment   [ - ] Hide Comment


  • Modified the code from "get-executionpolicy" to "[Environment]::Is64BitProcess". Both locations returned false. When run manually the system32 command returns true. Is it possible the KACE agent will not run powershell x64?
Please log in to comment

Answer this question or Comment on this question for clarity



Try sysnative for 32-bit cmd accessing 64-bit exe

%systemroot%\sysnative\windowspowershell\v1.0\powershell.exe "get-executionpolicy"

Answered 05/21/2013 by: flip1001
Third Degree Brown Belt

Please log in to comment