PowerShell Not your Father’s Command Line Part 10 of 31: PowerShell Protecting You From Yourself

  • Article

image

In yesterday’s post on profiles you saw how PowerShell prevented the profile script from loading and how to get around the message.  The security message you saw was from the PowerShell script execution policy setting and shows how PowerShell is designed to protect you.  The execution policy determines what kinds of scripts can run on your  system.  By default the PowerShell execution policy is set to Restricted, this prevents any scripts from running on your system.  This is what caused the message we saw yesterday.  There are 4 settings for the execution policy:

  • Restricted: This is the default setting and will prevent any scripts from running in your PowerShell session
  • AllSigned: This setting will require all of your scripts to have a digital signature before they can run in your PowerShell sessions.  To learn more about the signing process run this command: Get-Help about_signing
  • RemoteSigned: This setting will allow local scripts to run whether they are signed or not.  Scripts you download from the Internet or receive via email will not run unless they are digitally signed.
  • Unrestricted:   I do not recommend this setting and you should avoid using this setting.  As the name implies any script will run in your PowerShell sessions.  However, for scripts downloaded or received via email you will receive a warning prompt before the script runs.

To see your current execution policy setting you can run the following cmdlet:

Get-ExecutionPolicy

To change the policy setting as we did yesterday you will use the Set-ExecutionPolicy cmdlet with one of the four settings to meet your security needs.  To change the policy setting you need to be in and administrative PowerShell session.  For example, if you wanted to change the policy setting to AllSigned you would run the following command:

Set-ExecutionPolicy AllSigned

In the book, I talk about some other ways to work with the execution policy and how to handle scripts you may have received from email or the Internet.  There are some nice hidden gems to work with the scripts and work with your execution policy.

Again thanks for reading and if you missed any of the previous posts you can find a master list of series postings located here: PowerShell Not Your Father's Command Line: 31 Days of PowerShell or on Sarah’s blog here: PowerShell Not Your Father's Command Line: 31 Days of PowerShell. Lastly Sarah and I want to hear from you email either of us with your comments or suggestions for future postings let us know, we look forward to hearing from you. Have a great day!