We are using Windows Defender Application Control (WDAC) policies. We have some software that is deployed via Intune using a PowerShell script. Unfortunately that script is provided by a vendor and uses some “FullLanguage” PowerShell features. However, I cannot get the script to run in Full Language mode. Even when run as SYSTEM by Intune or manually, it errors:

Cannot dot-source this command because it was defined in a different language mode.

I have tried adding $ExecutionContext.SessionState.LanguageMode = 'FullLanguage' to the beginning of the script but that also errors:

Cannot set property. Property setting is supported only on core types in this language mode.

I’ve also tried signing the scripts, ensuring the local machine trusts the signing cert and adding it as a trusted publisher in WDAC policy. All to no avail.

With AppLocker, it sounds like you may be able to allow specific scripts to run in FullLanguage mode, which would be the ideal solution, but I cannot find a way to do this with WDAC. Any suggestions?

I was able to resolve this issue with a file hash allow rule in WDAC policy. The script now runs in FullLanguage mode.
A Path allow rule does not seem to allow .ps1, only .exe, .msi, .dll, etc.
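
One way to produce the file hash allow rule described above, using the ConfigCI cmdlets that ship with Windows. This is an added example, not the poster's own commands; every file path in it is a hypothetical placeholder, and it assumes the existing policy is available as XML.

```powershell
# Added example: allow one vendor script by file hash in an existing WDAC policy.
# All paths are hypothetical placeholders; substitute your own.
$ScriptPath   = 'C:\Staging\Install-VendorApp.ps1'             # vendor script, exactly as deployed
$BasePolicy   = 'C:\Policies\BasePolicy.xml'                   # current policy XML
$MergedPolicy = 'C:\Policies\BasePolicy-WithVendorScript.xml'  # output XML
$BinaryPolicy = 'C:\Policies\BasePolicy-WithVendorScript.bin'  # output binary for deployment

foreach ($p in $ScriptPath, $BasePolicy) {
    if (-not (Test-Path -LiteralPath $p)) { throw "Missing input file: $p" }
}

# Build allow rules for this one file at the Hash level.
# Hash rules match the exact file content, so any edit to the script
# (even whitespace) means the rule has to be regenerated.
$rules = New-CIPolicyRule -DriverFilePath $ScriptPath -Level Hash
if (-not $rules) { throw "No rules were generated for $ScriptPath" }
$rules | Format-List *

# Count the Allow file rules before the merge so the change can be confirmed.
$before = @(([xml](Get-Content -LiteralPath $BasePolicy -Raw)).SiPolicy.FileRules.Allow).Count

# Merge the new rules into a copy of the policy; the original XML is untouched.
Merge-CIPolicy -PolicyPaths $BasePolicy -Rules $rules -OutputFilePath $MergedPolicy | Out-Null

$after = @(([xml](Get-Content -LiteralPath $MergedPolicy -Raw)).SiPolicy.FileRules.Allow).Count
if ($after -le $before) {
    Write-Warning "No new Allow rules were added; the hashes may already be in the policy."
} else {
    Write-Host "Added $($after - $before) Allow rule(s) for $ScriptPath"
}

# Convert to the binary form that is deployed to devices.
ConvertFrom-CIPolicy -XmlFilePath $MergedPolicy -BinaryFilePath $BinaryPolicy | Out-Null
Write-Host "Binary policy written to $BinaryPolicy"
```

Generate the rule from the same copy of the script that Intune delivers, since a re-saved or re-encoded copy has a different hash and will fall back to ConstrainedLanguage mode.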