Optimize 'GetSystemLockdownPolicy' for non-lockdown scenarios#13438
Optimize 'GetSystemLockdownPolicy' for non-lockdown scenarios#13438TravisEz13 merged 2 commits intoPowerShell:masterfrom
Conversation
|
@PaulHigin You mentioned the registry check in GetDebugLockdownPolicy may not be needed anymore for our tests, can you please review and confirm if that's the case? If so, I can remove that part in this PR. |
PaulHigin
left a comment
There was a problem hiding this comment.
These changes LGTM. However, please also remove the debug registry check. AFAIK this is no longer needed and tests use the __PSLockdownPolicy environment variable. and 'System32' filename append. If any tests fail, we can look at them.
I want to remove the registry check because users sometimes believe it is a 'secure' way to lock down PowerShell, which it is not. Since we are PowerShell Core I feel we can remove it safely. We can always re-add it if needed.
|
@TravisEz13 and @PaulHigin, thanks for the review! |
PaulHigin
left a comment
There was a problem hiding this comment.
Thanks for making the change!
|
@TravisEz13 I think this PR is ready to merge. |
|
🎉 Handy links: |
PR Summary
Today, the implementation of
GetSystemLockdownPolicyis optimized for lockdown scenarios, but dis-optimized for the more common non-lockdown scenario because the test hook will make this method call the Win32 APIWldpGetLockdownPolicyevery time. This PR attempts to improve it.PR Checklist
.h,.cpp,.cs,.ps1and.psm1files have the correct copyright headerWIP:or[ WIP ]to the beginning of the title (theWIPbot will keep its status check atPendingwhile the prefix is present) and remove the prefix when the PR is ready.