how to change PowerShell mode to fulllanguage mode from constrained mode?

Asked 15/7, 2019 at 2:53 Answered 19/6 at 12:28

I open the PS or PSISE, they are both constrianedlanguage mode which I do not expect.

I don't know why it's ConstrainedLanguage. Two days ago it's just the PSISE is in constrainedmode and the PS is fulllanguage mode. Now after I restart my computer, both of them is constrainedmode and it's so bothering me because I really need to use the full mode..

I've tried to start PS as admin, not working. Tried to create a new environment variable __PSLockdownPolicy and set it to 1 or 0, still not working.

I tried "powershell.exe -version 2", and it's fulllanguage but the version 2 is too low that I cannot use some advanced module.

PS C:\windows\system32> $ExecutionContext.SessionState.LanguageMode
ConstrainedLanguage

PS C:\windows\system32> $ExecutionContext.SessionState.LanguageMode = 'fulllanguage'
Cannot set property. Property setting is supported only on core types in this language mode.
At line:1 char:1
+ $ExecutionContext.SessionState.LanguageMode = 'fulllanguage'
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : PropertySetterNotSupportedInConstrainedLanguage

I expect I can open the PS in fulllanguage mode. Thanks for all your help!

Salon answered 15/7, 2019 at 2:53 Comment(3)

talk to your admins. that sounds like your system is deliberately configured to be in constrained mode. – Plumley 15/7, 2019 at 2:56

Sorry for anyone who is seeking the answer for similar question. But my problem is not because of the system or the computer, it's just my administrator set the language mode to constrained mode and there's nothing to do with my computer or system. So thanks for all your help anyway~ – Salon 5/8, 2019 at 2:27

ha! that makes sense ... thank you for making that clear! [grin] – Plumley 5/8, 2019 at 2:33

The lock down policy isn't available in PowerShell v2. You can check if you have a Group Policy applied to your machine by running from an administrative command prompt:

gpresult /v

You can search the output for PowerShell to find PowerShell related group policies that may be applied to the system by a system administrator.

You can check if

$Env:__PSLockdownPolicy

If configured, a setting of 8 = Full language mode. This could be configured in registry HKLM\System\CurrentControlSet\Control\SESSION MANAGER\Environment__PSLockdownPolicy

If you can't find what is locking down PowerShell launch ProcMon and set a filter:

Operation is RegQueryValue Include
Process Name is PowerShell.exe Include
Process Name is PowerShell_Ise.exe Include
Result is SUCCESS

And launch PowerShell, you can look through the keys that are loaded, and check the details column for what the value is set to. Through this approach you can identify anything registry configuration locking down PowerShell. If the lock down is applied by group policy you can delete the key to temporarily enable it, but once group policy re-applies the setting will come back, if it is not changed from administration level.

Max answered 15/7, 2019 at 3:21 Comment(2)

It turns out it is my administrator set the language mode to constrained mode. There's nothing to do with my computer or system. Thanks for your help anyway:) – Salon 5/8, 2019 at 2:28

Yes this is why I said to check gpresult as it will show you if administrator is configuring this. If you have local admin you can change the policy at least temporarily through registry editor but it will reapply every few hours and may be considered a violation of your company policy. Technically exemptions can be created for the policy but up to your administrators. – Max 6/8, 2019 at 5:14

I was having issues with this too, but in my case I was the administrator that had set this policy to test, and couldn't get it removed. I found out that when I was using it in conjunction with AppLocker Script Rules, that it was setting it to ConstrainedLanguage, because of this:

Since version 5, PowerShell recognizes automatically whether it should switch to Constrained Language mode based on script rules. To do so, it creates a module and a script (with a name following the pattern __PSSCRIPTPOLICYTEST_LQU1DAME.3DD.PS1) under $env:temp and tries to execute them. If AppLocker or another tool blocks this attempt, PowerShell starts in Constrained Language mode.

Source: https://4sysops.com/archives/mitigating-powershell-risks-with-constrained-language-mode/

Interstitial answered 5/6, 2020 at 20:42 Comment(1)

Thankyou, though it seems to be looking at $env:tmp instead. This allows me to bypass the applocker side effect. – Sporadic 31/5 at 8:22

For completeness AppLocker will automatically put PowerShell into Constrained Language mode as per:

https://4sysops.com/archives/mitigating-powershell-risks-with-constrained-language-mode/

Since version 5, PowerShell recognizes automatically whether it should switch to Constrained Language mode based on script rules. To do so, it creates a module and a script (with a name following the pattern __PSSCRIPTPOLICYTEST_LQU1DAME.3DD.PS1) under $env:temp and tries to execute them. If AppLocker or another tool blocks this attempt, PowerShell starts in Constrained Language mode.

Hunterhunting answered 22/7, 2022 at 4:8 Comment(0)

For people finding this page from Google: If you just opened an Administrative PowerShell window and turned on Constrained mode via the "LanguageMode" variable to see what would happen and now can't turn it off again, the change made here only applies to this PowerShell session. If you close the terminal window and open a new one you'll see that the Constrained mode setting has not stuck.

Encephalogram answered 7/12, 2023 at 15:5 Comment(0)

Simply Uninstall the Powershell. ON my machine i deliberately put machine in Constrained mode and tried to get it to full language. got error. THen i uninstalled the powershell via control panel which was 7 version. once uninstalled opened start and typed powershell, then opened with admin rights and checked again it was back in full language mode.

Recommended topics

Hot tags