On Windows, it is very unexpected behaviour to not be able to run a .ps1 file on a CI worker.
powershell -c "Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope LocalMachine"
or similar, should be the default IMO.
But either way, there should be a yaml setting for this and it should be documented in the Windows config, so it can be done automatically in the build box init.
Then only people needing a less friendly CI worker can disable it when testing something where they need the worker to be as pristine as possible.