BRONZE PARTNER:
BRONZE PARTNER:
Industry News:
| |
| |
|
|
|
|
|
| PowerShell script execution policy |
|
|
|
By: Ying Li
Posted On: 6/7/2007
When PowerShell is installed, script execution is disabled by default. This is controlled by the PowerShell execution policy.
This article was Previously posted on Ying Li's Blog
PowerShell has the following execution policies defined:
Restricted – This is the default execution policy on installation. When this policy is in effect, script execution is disabled. PowerShell itself is not disabled. It may still be used as an interactive command interpreter. While this is the most secure policy, it severely impacts our ability to use PowerShell for automation.
AllSigned – When the execution policy is AllSigned, scripts can be executed, but they must be Authenticode-signed before they will run. When running a signed script, you will be asked if you want to trust the signer of the script.
RemoteSigned – RemoteSigned requires that all scripts that are downloaded from a remote location must be Authenticode-signed before they can be executed.
Unrestricted – When the execution policy is unrestricted, PowerShell will run any script. It will still prompt the user when it encounters a script that has been downloaded however, this is the least secure setting.
The execution policy is controlled by a registry. Two comdlets, Get-ExecutionPolicy and Set-ExecutionPolicy, can be used to view and change this key.
You can also use the registry provider to find out the current execution policy setting:
PS P:\> (Get-ItemProperty "HKLM:\Software\Microsoft\Powershell\1\ShellIds\Microsoft.Powershell").ExecutionPolicy
RemoteSigned
Of course, it’s much easier to check it with Get-ExecutionPolicy:
PS P:\> Get-ExecutionPolicy
RemoteSigned
|
|
|
|
|
|
