Public/Functions/WinPE/Set-WindowsImageExecutionPolicy.ps1

<#
.SYNOPSIS
Sets the PowerShell Execution Policy of a mounted Windows Image
 
.DESCRIPTION
Sets the PowerShell Execution Policy of a mounted Windows Image
 
.PARAMETER ExecutionPolicy
Specifies the new execution policy. The acceptable values for this parameter are:
- Restricted. Does not load configuration files or run scripts. Restricted is the default execution policy.
- AllSigned. Requires that all scripts and configuration files be signed by a trusted publisher, including scripts that you write on the local computer.
- RemoteSigned. Requires that all scripts and configuration files downloaded from the Internet be signed by a trusted publisher.
- Unrestricted. Loads all configuration files and runs all scripts. If you run an unsigned script that was downloaded from the Internet, you are prompted for permission before it runs.
- Bypass. Nothing is blocked and there are no warnings or prompts.
- Undefined. Removes the currently assigned execution policy from the current scope. This parameter will not remove an execution policy that is set in a Group Policy scope.
 
.PARAMETER Path
Specifies the full path to the root directory of the offline Windows image that you will service
If a Path is not specified, all mounted Windows Images will be modified
 
.LINK
https://osd.osdeploy.com/module/functions/dism/set-windowsimageexecutionpolicy
 
.NOTES
21.2.1 Initial Release
#>

function Set-WindowsImageExecutionPolicy {
    [CmdletBinding()]
    param (
        [Parameter(Position = 0,Mandatory = $true,ValueFromPipelineByPropertyName = $true)]
        [ValidateSet('Restricted','AllSigned','RemoteSigned','Unrestricted','Bypass','Undefined')]
        [string]$ExecutionPolicy,

        [Parameter(ValueFromPipelineByPropertyName = $true)]
        [string[]]$Path
    )

    begin {
        #=================================================
        # Blocks
        #=================================================
        #Block-WinPE
        Block-StandardUser
        #=================================================
        # Get-WindowsImage Mounted
        #=================================================
        if ($null -eq $Path) {
            $Path = (Get-WindowsImage -Mounted | Select-Object -Property Path).Path
        }
        #=================================================
        # Driver
        #=================================================
$InfHeader = @'
[Version]
Signature = "$WINDOWS NT$"
Class = System
ClassGuid = {4D36E97d-E325-11CE-BFC1-08002BE10318}
Provider = OSDeploy
DriverVer = 2/1/2021,2021.2.1.0
'@

$InfMain = @"
[DefaultInstall]
AddReg = AddReg
 
[AddReg]
;rootkey,[subkey],[value],[flags],[data]
;0x00000 REG_SZ
;0x00001 REG_BINARY
;0x10000 REG_MULTI_SZ
;0x20000 REG_EXPAND_SZ
;0x10001 REG_DWORD
;0x20001 REG_NONE
HKLM,SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell,ExecutionPolicy,0x00000,"$ExecutionPolicy"
"@

        #=================================================
    }
    process {
        foreach ($Input in $Path) {
            #=================================================
            # Path
            #=================================================
            $MountPath = (Get-Item -Path $Input | Select-Object FullName).FullName
            Write-Verbose "Path: $MountPath"
            #=================================================
            # Validate Mount Path
            #=================================================
            if (-not (Test-Path $Input -ErrorAction SilentlyContinue)) {
                Write-Warning "Unable to locate Mounted WindowsImage at $Input"
                Break
            }
            #=================================================
            # Build Driver
            #=================================================
            $InfFile = "$env:Temp\Set-ExecutionPolicy.inf"
            New-Item -Path $InfFile -Force
            Set-Content -Path $InfFile -Value $InfHeader -Encoding Unicode -Force
            Add-Content -Path $InfFile -Value $InfMain -Encoding Unicode -Force
            #=================================================
            # Add Driver
            #=================================================
            Add-WindowsDriver -Path $MountPath -Driver $InfFile -ForceUnsigned
            #=================================================
            # Return for PassThru
            #=================================================
            Return Get-WindowsImage -Mounted | Where-Object {$_.Path -eq $MountPath}
            #=================================================
        }
    }
    end {}
}