• A – Z
• a - z
• 0 – 9
• ' . - _ ! # ^ ~

• Any '@' character that's not separating the username from the domain.
• Can't contain a period character '.' immediately preceding the '@' symbol

• The total length must not exceed 113 characters
• There can be up to 64 characters before the '@' symbol
• There can be up to 48 characters after the '@' symbol

• A – Z
• a - z
• 0 – 9
• @ # $ % ^ & * - _ ! + = [ ] { } : ‘ , . ? / ` ~ ' ( ) ;
• blank space

• Unicode characters.
• Cannot contain a dot character '.' immediately preceding the '@' symbol”.

• A minimum of 8 characters and a maximum of 256 characters.
• Requires three out of four of the following:
  • Lowercase characters.
  • Uppercase characters.
  • Numbers (0-9).
  • Symbols (see the previous password restrictions).

• Default value: 90 days.
• The value is configurable by using the Set-MsolPasswordPolicy cmdlet from the Azure Active Directory Module for Windows PowerShell.

• Default value: 14 days (before password expires).
• The value is configurable by using the Set-MsolPasswordPolicy cmdlet.

• Default value: false days (indicates that password expiry is enabled).
• The value can be configured for individual user accounts by using the Set-MsolUser cmdlet.

Environment data

• VS Code version: 1.27.1 (user setup)
• Extension version (available under the Extensions sidebar): 2018.8.0
• OS and version: Windows 10
• Python version (& distribution if applicable, e.g. Anaconda): Python 3.7.0
• Type of virtual environment used (N/A venv virtualenv conda ..): venv
• Relevant/affected Python packages and their versions: N/A

Actual behavior

Create python terminal results in a powershell error

Expected behavior

I don't need need to disable running scripts in able to use VS code

Steps to reproduce:

1. Fresh install of windows
2. install python
3. create virtual environment
4. try to activate it in VS Code

Hmmm. this feels like it might be a VSCode problem.

To fix the issue, you can simply open a Powershell window as administrator and type the following:

And hit enter, respond y to any prompts that appear.

I take it back - we are running an activate.ps1 file from a .venv!

Hmmm.. not sure what we can do about this from the extension's perspective. @DonJayamanne can we inject some powershell code prior to running activate.ps1 when we launch a python terminal?

can we inject some powershell code prior to running activate.ps1 when we launch a python terminal?

Yes we can.
Changing the label, as this isn't a bug. we're trying to improve the UX for users of the extension.

@d3r3kk
Your original suggestion works, changing the policy will work, however @qubitron doesn't want to have to do it manually.
Basically we should do what ever we can to remove/reduce such road blocks.

Yep, that's pretty standard Powershell behaviour/expected workflow on a new machine. Not sure we should usurp that is what I'm getting at.

However, if we choose to do so, it shouldn't be too difficult to put a quick popup and ask the user if doing so will be ok with them first (much like the powershell cmdlet Set-ExecutionPolicy does).

However, if we choose to do so, it shouldn't be too difficult to put a quick popup and ask the user if

Agreed.
After all, we're executing some script that we have no control over.

@qubitron thoughts

1. This will require elevation to set the execution policy correct? Not all users have admin rights on the system
2. What if the user doesn't want this execution policy set for security reasons, it's off by default for a reason?

Why do we even need powershell cmdlet to do this, why can't we run a batch file or something else that doesn't require admin privileges/execution policies to be set?

It's a PowerShell script because that's how you get the prompt updated to list the virtual environment's name: https://github.com/python/cpython/blob/master/Lib/venv/scripts/nt/Activate.ps1

The other option any notification could have is offer to switch off the automatic activation on top of providing instructions on how to change the policy.

OK, so really this is an issue because we're using a powershell cmd prompt instead of CMD (which is what I use outside of VS Code and just lets me activate without having to set any policies).

Since I assume we can't change the default from powershell to cmd, detecting the issue and prompting users to set the execution policy (with a button) seems like the right solution.

Well, we could do the following:

• If shell is powershell
• If batch file exists, then shell into CMD and execute bath file
• Else if, powershell script exists, excute powershell script, with the prompts to elevate if necessary.

I.e. where possible use batch files.
This would be better as we wouldn't have to display prompts for powershell script exec elevation..

It might also be easier for us to contribute upstream to Python an Activate.ps1 that isn't automatically generated and thus can be signed as necessary.

Just to add to the description of the issue at hand I had same problem using Pipenv virtual environment. Pipenv version: 2018.11.14
VSCode version : 1.29.1

Worked after updating my execution policy from using the following PS cmdlet:

Here is the link to the documentation on ExecutionPolicy from Microsoft

Cheers

Not sure if this happens after the latest update but when I execute 'Run current file in terminal', it tries to activate the environment that resides in the same directory with the script itself, it fails and afterwards it executes the script with the python interpreter that is inside my environment. How come ?

@BurakcanK Is the problem due to Powershell permissions not being set? If so, please run (as admin on your system) the Set-ExecutionPolicy as defined above if that is satisfactory for you and your IT department.

If that is not the problem you are seeing, please feel free to open another issue with the specific details of your situation.

I was able to work around this problem by adding the following to my VS Code settings:

OPEN POWERSHELL IN ADMINISTRATER MODE AND USE THIS COMMANDS
REFERENCE : https://docs.microsoft.com/da-dk/powershell/module/microsoft.powershell.core/about/about_execution_policies?view=powershell-5.1

I hope your problem is solved
if not then just follow the reference link

If https://bugs.python.org/issue37354 can be solved then Activate.ps1 can be signed and thus acceptable in a stricter execution policy.

OPEN POWERSHELL IN ADMINISTRATER MODE AND USE THIS COMMANDS
REFERENCE : https://docs.microsoft.com/da-dk/powershell/module/microsoft.powershell.core/about/about_execution_policies?view=powershell-5.1

I hope your problem is solved
if not then just follow the reference link

This Work on my windows 10

Watch python/cpython#14967, may even make it into 3.8.

@d3r3kk it won't make it into 3.8.

@luabud@brettcannon we should evaluate other solutions since this won't be fixed within the next 1-2 years on the Python side then. At a minimum, let's make sure to include this step in our getting started docs.

@qubitron docs are probably going to be all we can do for this as I'm not comfortable overwriting someone's Activate.ps1 on their behalf nor do I want us to have to maintain a custom one. So I think a doc change is probably our best option.

@qubitron@brettcannon Agreed on the docs part, but what about prompting to change the execution policy for PowerShell in VS Code, and if 'yes' is selected then we add 'terminal.integrated.shellArgs.windows': ['-ExecutionPolicy', 'Bypass'] to settings.json?

@luabud we could, but I'm a little hesitant since it's a security change so we would have to be very careful and clear on the messaging of what they are opting into having us do on their behalf.

@qubitron@brettcannon looks like we already have that on our Getting Started tutorial: https://code.visualstudio.com/docs/python/python-tutorial#_install-and-use-packages

It's pretty buried in there, I think it should be higher up as a pre-requisite, and the doc it links to lists a ton of options, when it could be more prescriptive and say:

Open an administrator powershell prompt (windows key -> type 'Powershell' -> Ctrl+Shift+Enter), and then type:

@d3r3kk it won't make it into 3.8.

I think maybe?

Bit shocked Steve's taking that as a bugfix, but 🤷‍♂ .

Not sure whether we've explored this.
Here's what I tried and it works, basically bypass the restriction temporarily, then restore it (applies only to current session):

Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope Process ; & ./venv/scripts/activate.ps1 ; Set-ExecutionPolicy -ExecutionPolicy Default -Scope Process

• 3 commands chained
• First disable for current process (only current process)
• Next perform activation (based on docs, if a prompt is necessary, it will be displayed to the user - great)
• Finally, after env activation, we restore the execution policy

Pros:

• We can optionally add a prompt (yes/no) using the -Confirm flag, giving the user more control.

Set-ExecutionPolicy -Confirm -ExecutionPolicy Unrestricted -Scope Process ; & ./venv/scripts/activate.ps1 ; Set-ExecutionPolicy -ExecutionPolicy Default -Scope Process

• It works (unless there's something wrong I can't see)
• We bypass security only for execution of the activation scripts
• Changes to policies are scoped to the current process and safely restored (we could make this a script if required)
• Using the policy of Unrestriced will result in a prompt being displayed to user for downloaded scripts - i.e. letting user decide - I think thats a good thing).
• We can determine the current execution level as well (VS Code have recently added the ability to create terminals that aren't visible to users. This way we can create a terminal and run scripts to determine the execution level - if we want to do so)

Finally: I tried and works on a vanilla Windows 10 setup (had to install one today to test something else).

• Execution policy is Restricted before and after the above scripts are executed
• User is prompted (Yes/No) when using the -Confirm flag
• Works as expected

Unless no one has any objections, I'd like to revisit this, at least as a spike.

Activate.ps1 will be signed starting in Python 3.8, so I don't know if we want to go down the route of trying to hack around this if it will be solved implicitly over time and won't have us trying to do more in the terminal which we know from experience is extremely finicky.