I’ve been very pro-Windows Vista but sometimes it’s just too difficult to deal with its annoyances.
Yesterday I wanted to run some PowerShell script copied from someone’s blog. First, it wouldn’t run ’cause there was no PowerShell installed. What?? Oh, well, I guess it did not ship with Vista. I downloaded and installed PowerShell but – alas! – it wouldn’t execute unsigned code.
Great! Back to Scroogle – let’s look for workarounds and solutions. After a while – bingo! – I landed at http://www.hanselman.com/blog/SigningPowerShellScripts.aspx. That’s some complicated and time consuming stuff! Does it really have to be this complicated?
Oh, well, let’s download the few hundred MBs of stuff we need. At first I got MS Visual Studio 2008 (quite a download) but it didn’t have makecert.exe. All right, let’s try .NET Framework 2.0. As I struggled with the poor download speed, I had to call it a day.
What a waste of time. Things like this make me sick!
Today I continued to waste time on this crap. The makecert utility would fail ( Error: WriteFile failed => 0x5 (5)).
After additional scroogling I found out (http://www.appdeploy.com/messageboards/tm.asp?m=20873) that the stupid error means that I (admin on this machine) do not have the permission to write to c:\. How stupid is that? Changing makecert’s destination to c:\users\admin made it complete without error.
Next, I couldn’t execute Set-ExecutionPolicy AllSigned (mind you, I’m administrator of this computer) because the attempt to modify the Windows registry required was refused. Really smart!
At this point I had enough so here’s my workaround for you:
Run regedit.exe – go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell
and add a “String Value” registry key called ExecutionPolicy with the value of Unrestricted.
– or –
Save this file (click here – this is for Windows Vista x86 – I don’t know if Windows XP and/or Vista x64 have the same key) below as something that ends on “.reg” – e.g. ps_unrestricted.reg and make sure that the file is properly formatted (there are extra line breaks in it right now). Next, if you’re not Administrator, run regedit.exe, navigate to HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ PowerShell \ 1 \ ShellIds \ Microsoft.PowerShell, right-click on Microsoft.PowerShell (in the left pane) and give your account (e.g. dick) all permissions that can be given. Then double-click on ps_unrestricted.reg and the key should be created in your registry. Now you can remove your account from the list of accounts with permissions on this key.
And I’ve got an enhancement request for the Windows Vista team: I want a “god” account type that has absolute powers, permissions and all.
P.S. The PS script I downloaded in the end didn’t work (many syntax errors in the code). Wonderful…
Update [2008/02/12]: The “god” mode works after one disables user access control.
Update [2008/05/03]: The workaround works for Windows Server 2008 as well. Also I corrected above instructions (I incorrectly stated that “DWORD” should be created which of course wouldn’t work).