|
12 | 12 |
|
13 | 13 | #endregion |
14 | 14 |
|
| 15 | +PowerShell's execution policy |
| 16 | + security feature |
| 17 | + controls the conditions under which PowerShell can run scripts. |
| 18 | + A safety net to prevent the execution of malicious scripts, |
| 19 | + Not a foolproof security measure (a determined user can bypass it). |
| 20 | + Just a first line of defense. |
| 21 | +
|
| 22 | +Here's a breakdown of key aspects: |
| 23 | + |
| 24 | +What it does: |
| 25 | + |
| 26 | +The execution policy |
| 27 | + determines whether you can run scripts at all, |
| 28 | + if so, under what conditions. |
| 29 | + Makes it harder for untrusted scripts to run accidentally or unknowingly. |
| 30 | + |
| 31 | +Different Execution Policies: |
| 32 | + |
| 33 | +PowerShell defines several execution policies, each with different levels of restrictiveness: |
| 34 | + |
| 35 | + Restricted (Default): |
| 36 | + No scripts can be run. |
| 37 | + Most restrictive policy. |
| 38 | + You can still run individual commands interactively, but not scripts. |
| 39 | + |
| 40 | + AllSigned: |
| 41 | + All scripts must be signed by a trusted publisher. |
| 42 | + Most secure policy |
| 43 | + but can be inconvenient if you're working with scripts from various sources. |
| 44 | +
|
| 45 | + RemoteSigned: |
| 46 | + Scripts downloaded from the internet |
| 47 | + must be signed by a trusted publisher. |
| 48 | + Locally created scripts can run without a signature. |
| 49 | + This is a common and often recommended balance between security and usability. |
| 50 | +
|
| 51 | +Bypass: |
| 52 | + No restrictions. |
| 53 | + All scripts can run without a signature. |
| 54 | + Use this only if you |
| 55 | + completely trust all the scripts you're running |
| 56 | + understand the security implications. |
| 57 | + It's generally not recommended for regular use. |
| 58 | +
|
| 59 | + Unrestricted: |
| 60 | + All scripts can run, even unsigned ones. |
| 61 | + Similar to Bypass, |
| 62 | + but it also warns you before running unsigned scripts. |
| 63 | + Less restrictive than Bypass, |
| 64 | + but still not recommended for general use unless you have a very specific reason. |
| 65 | +
|
| 66 | +
|
| 67 | +
|
| 68 | +
|
15 | 69 | #region running scripts |
16 | 70 |
|
17 | 71 | #get the execution policy of all scopes in the order of precedence |
18 | 72 | Get-ExecutionPolicy -List |
19 | 73 |
|
20 | 74 | #change execution policy |
21 | 75 | Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser |
| 76 | +#Set-ExecutionPolicy <PolicyName> -Scope <Scope> -Force |
22 | 77 |
|
23 | 78 | #unblock a script downloaded from the internet after you have read and understood the code |
24 | 79 | Unblock-File -Path .\drive_warn.ps1 |
|
0 commit comments