Change PowerShell ExecutionPolicy to RemoteSigned (#4071)

Change PowerShell ExecutionPolicy to RemoteSigned when executing embedded scripts.

src/Agent.Worker/DiagnosticLogManager.cs

@@ -583,7 +583,7 @@ private async Task<string> GetLocalGroupMembership()
 
             string scriptFile = Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Bin), "powershell", "Get-LocalGroupMembership.ps1").Replace("'", "''");
             ArgUtil.File(scriptFile, nameof(scriptFile));
-            string arguments = $@"-NoLogo -Sta -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -Command "". '{scriptFile}'""";
+            string arguments = $@"-NoLogo -Sta -NoProfile -NonInteractive -ExecutionPolicy RemoteSigned -Command "". '{scriptFile}'""";
 
             try
             {

src/Microsoft.VisualStudio.Services.Agent/Capabilities/PowerShellCapabilitiesProvider.cs

@@ -25,7 +25,7 @@ public async Task<List<Capability>> GetCapabilitiesAsync(AgentSettings settings,
             string powerShellExe = HostContext.GetService<IPowerShellExeUtil>().GetPath();
             string scriptFile = Path.Combine(HostContext.GetDirectory(WellKnownDirectory.Bin), "powershell", "Add-Capabilities.ps1").Replace("'", "''");
             ArgUtil.File(scriptFile, nameof(scriptFile));
-            string arguments = $@"-NoLogo -Sta -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -Command "". '{scriptFile}'""";
+            string arguments = $@"-NoLogo -Sta -NoProfile -NonInteractive -ExecutionPolicy RemoteSigned -Command "". '{scriptFile}'""";
 
             string enablePrereleaseVSVersions = AgentKnobs.EnableVSPreReleaseVersions.GetValue(UtilKnobValueContext.Instance()).AsString();
             Environment.SetEnvironmentVariable("IncludePrereleaseVersions", enablePrereleaseVSVersions);