So, recently due to wanting to achieve something, I restarted my PowerShell studies. Due to lazyness I stopped studies sometime ago. By default, PowerShell scripts cannot be executed. It has execution policies. The one enabled by default is Restricted, which means no scripts are executed. To allow execution, you'd need to start PowerShell with administrative rights and then change the execution policy to Unrestricted (all scripts can run), RemoteSigned (only local scripts can run) or AllSigned (both local and remote scripts must be digitally signed). Anyway, it came to my attention that it's possible to bypass PowerShell execution policies. This is an example of bypassing its policies, by getting the contents of a script I created and pass the info to powershell.exe: get-content .\dnscrypt-proxy.ps1 | powershell.exe -noprofile - First, we need to use the cmdlet Get-Content to get the contents of the script dnscrypt-proxy.ps1. This is a script I got and that I created. Then, we'll pipeline the content, using |, which will pass the content to powershell.exe. powershell.exe will be run with the parameters -noprofile, which means that no PowerShell profile will be executed, and then the parameter -. The parameter - is what actually does the trick. Of course, we're talking about a situation of using the same privileges the user has. But, it does allow to bypass AppLocker/SRP/etc. So, even with AppLocker preventing execution of *.ps1 files (PowerShell scripts), by using the above trick, the script will still be run, bypassing both PowerShell execution policies and AppLocker. Most likely, it will also bypass SRP. Maybe others as well. This is actually something Microsoft should fix, in PowerShell. Windows 7 has version 2. I don't know if version 3, which will come out with Windows 8 and will be available for Windows 7, if it works different.