From 52d05fab6c91da15f9fcb6d7fb04c72cd32d8223 Mon Sep 17 00:00:00 2001
From: CodingWonders <101426328+CodingWonders@users.noreply.github.com>
Date: Sun, 21 Dec 2025 11:03:56 +0100
Subject: [PATCH] Up the execution policy for default PWSH sessions

This is required to run the diagnostics script, and any script that either we create here, or the user creates later. At least we don't go too wild and use unrestricted... we use something more "safe"
---
 functions/microwin/Invoke-Microwin.ps1 | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/functions/microwin/Invoke-Microwin.ps1 b/functions/microwin/Invoke-Microwin.ps1
index eac353a2..39e91963 100644
--- a/functions/microwin/Invoke-Microwin.ps1
+++ b/functions/microwin/Invoke-Microwin.ps1
@@ -208,6 +208,13 @@ public class PowerManagement {
         reg add "HKLM\zSOFTWARE\WinUtil" /f
         reg add "HKLM\zSOFTWARE\WinUtil" /f /v "ToolboxVersion" /t REG_SZ /d "$($sync.version)"
         reg add "HKLM\zSOFTWARE\WinUtil" /f /v "MicroWinBuildDate" /t REG_SZ /d "$((Get-Date).ToString('yyMMdd-HHmm'))"
+
+        # REAL software developers set execution policies to unrestricted but, because we're targeting
+        # mainstream population, we have to lower the level of "riskiness" -- set remotesigned; at least that
+        # lets us run PWSH scripts that WE create. Execution policies don't really make sense anyway if common sense
+        # is lacking.
+        reg add "HKLM\zSOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" /v "ExecutionPolicy" /t REG_SZ /d "RemoteSigned" /f
+
         reg unload HKLM\zSOFTWARE
 
         if ($importVirtIO) {