Windows 10: I can't run Windows PowerShell Solved

Page 1 of 2 12 LastLast
  1.    24 Apr 2017 #1

    I can't run Windows PowerShell


    Hey guys, can you help me?
    I can't run WIndows Powershell (even as admin or not),
    it say "C:\Users\ASUS K84L\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk",
    Click image for larger version. 

Name:	Screenshot (2).png 
Views:	13 
Size:	541.2 KB 
ID:	131816i try to run via directory and then windows say "This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator."
    Click image for larger version. 

Name:	Screenshot (3).png 
Views:	9 
Size:	65.5 KB 
ID:	131817
    Any idea?
    Any help would be appreciated. Sorry with my bad english
      My ComputerSystem Spec

  2.    24 Apr 2017 #2

    "This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator."
    The message is clear: Restricted access has been set for certain(s) program(s). Do you own the computer? Are you an administrator?

    And of course: Is your machine infected?

    Try to create a new user account and check if the issue persists.

    Since you're running Win10 Pro, you have access to Group Policy. There is an Administrative Template "Don't run specified Windows Applications". Run it.

    See https://www.microsoft.com/en-us/down....aspx?id=48257
    and https://blogs.technet.microsoft.com/...ive-templates/
      My ComputerSystem Spec

  3.    24 Apr 2017 #3

    Maybe I came up too strong. Forget about Administrative Templates for the moment.

    Instead, using the registry editor, navigate to: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies
    and look at what's there, like a key named PowerShell in your case.
      My ComputerSystem Spec

  4. TairikuOkami's Avatar
    Posts : 3,333
    10.6 Home 1809 x64
       25 Apr 2017 #4

    That message looks similar to what I have, because I have blocked PS from running, like this:

    Code:
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "DisallowRun" /t REG_DWORD /d "1" /f
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v "1" /t REG_SZ /d "powershell.exe" /f
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v "2" /t REG_SZ /d "powershell_ise.exe" /f
      My ComputerSystem Spec

  5.    26 Apr 2017 #5

    yeah, i found it
    Click image for larger version. 

Name:	Screenshot (4).png 
Views:	3 
Size:	123.2 KB 
ID:	132141
    Should I delete that registry key?
      My ComputerSystem Spec

  6.    26 Apr 2017 #6

    TairikuOkami said: View Post
    That message looks similar to what I have, because I have blocked PS from running, like this:

    Code:
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "DisallowRun" /t REG_DWORD /d "1" /f
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v "1" /t REG_SZ /d "powershell.exe" /f
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v "2" /t REG_SZ /d "powershell_ise.exe" /f
    Is there a reason you do not want powershell to be able to run?
      My ComputerSystem Spec

  7. TairikuOkami's Avatar
    Posts : 3,333
    10.6 Home 1809 x64
       26 Apr 2017 #7

    vengeance455 said: View Post
    Should I delete that registry key?
    Yes.


    pparks1 said: View Post
    Is there a reason you do not want powershell to be able to run?
    Malware prevention, it is not like PS is required by anything. I actually remove PS as well.

    Lets Unpack: Dridex Loader | MalwareTech
    15 Ways to Bypass the PowerShell Execution Policy
    The rise of .NET and powershell malware - Securelist
    UAC Bypass Using eventvwr.exe and Registry Hijacking | enigma0x3
      My ComputerSystem Spec

  8.    26 Apr 2017 #8

    Sure, .net tools could be used to craft attacks, but I am pretty sure very few boxes were compromised by people going through weaknesses in powershell. I could see a questionable user, who insists on running as an admin, executing a powershell script which does compromise the system.

    I am a big powershell user, and am going to GUI less Windows server which must be managed by powershell remotely. Different strokes I guess.
      My ComputerSystem Spec

  9.    28 Apr 2017 #9

    TairikuOkami said: View Post
    Yes.
    I have delete that registry, but after I restart my laptop, that registry appear again
    Click image for larger version. 

Name:	2017-04-29_01-23-05.jpg 
Views:	2 
Size:	115.9 KB 
ID:	132413
    i think, maybe the main problem is on Task Scheduler or Services which cause registry re-adding again
      My ComputerSystem Spec

  10. TairikuOkami's Avatar
    Posts : 3,333
    10.6 Home 1809 x64
       28 Apr 2017 #10

    Check, if it is disabled in group policy:

    Gpedit.msc\User Configuration\Administrative Templates\System\Don't run specified Windows applications

    Don,t Run Specified Windows Application, Run Only Specified Windows Application - YouTube
      My ComputerSystem Spec


 
Page 1 of 2 12 LastLast

Related Threads
Installation & Upgrade Update and Upgrade Windows 10 using PowerShell in Tutorials
Since its birth in November 2006 PowerShell has evolved to be the chosen tool of network administrators and advanced users alike. Originally a native Windows tool it has since August 2016 been an open source project, spreading its wings to other...
Hello, After updating from insider to 15063 and 15063.11 RTM powershell seems to be showing random symbols, but when I try to copy paste these symbols somewhere else they show up as normal text. In powershell I see this: 127506 After...
How to Add PowerShell to Context Menu in Windows 10 Windows PowerShell is a task-based command-line shell and scripting language designed especially for system administration. This tutorial will show you how to add or remove PowerShell from...
Hi, I have a question about using Bitstransfer on powershell in order to download data via https. The following code works well on powershell 5.5 of windows 10 while it does not work on powershell 2.2 of windows 7. In particular, the problem...
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 08:42.
Find Us