PowerShell

More documents

Recommendations

Info

WindowsPowerShell Introduction to to, as I recommend, RemoteSigned. Table 2 lists the possible policy settings. Table 2 PowerShell Script Execution Policy Settings SETTING DESCRIPTION Restricted AllSigned RemoteSigned Unrestricted Bypass (Undefined) This is the default setting. No PowerShell scripts will run at all, under any circumstances. Only digitally signed scripts (including profile scripts, which I describe in the next section) will run; in addition, you are prompted to grant permission to run scripts signed by the specific certificate used. Scripts (and profiles) that have been written locally will run. Scripts that have been downloaded from the Internet will not run unless they are signed and you have approved the signing certificate. All scripts will run, but you are warned about scripts that have been downloaded and must approve them before they’ll run. Any script will run, regardless of its origin. This is a potentially very risky setting and should be used only in very specific circumstances, where some other security system is in place to prevent rogue scripts from running without your permission. If no policy setting is in place, PowerShell treats the setting as Restricted and no script will run. I recommend the RemoteSigned setting. Scripts you write and store on your computer or retrieve across your local area network will run without any problem, but scripts that arrive via programs with Internet connectivity won’t run unless they have a digital signature and you’ve confirmed that you trust the person or company that signed the script. This is a good security compromise. To change the setting, open a privileged PowerShell window as described in the previous section. Then, type the command set-executionpolicy remotesigned You will have to confirm that you want to make this change by typing y and Enter. (You can disable that prompt by adding -force to the command line.) Now, you can run PowerShell scripts and profiles. . There are few things you should know about this security setting: NN If your computer is part of a corporate domain network, this setting is probably under the control of your network manager via Group Policy. Type get-executionpolicy to see what your current setting is. You might not able to change it yourself. NN If you are forced into, or choose, the AllSigned policy setting, you’ll have to digitally sign any script you want to run. It’s a cumbersome process, but it’s not too bad after you get used to it. 20 COMPUTERWORLD INTRODUCTION TO WINDOWS POWERSHELL
WindowsPowerShell Introduction to NN You might recall that files downloaded from the Internet are marked as “potentially risky” through information stored in a separate data stream associated with the downloaded file. To remove this marker from a downloaded script that you are certain is safe, use Windows Explorer to open the file’s properties dialog box and click Unblock. It will now be considered a local file and will run under the RemoteSigned execution policy. Finally, remember that if you have a local area network (LAN) but not a Windows domain network, and the scripting execution policy isn’t set by Group Policy, you’ll have to change this setting on every computer on your network that you want to manage using PowerShell. PowerShell Profiles As I showed in the previous sections, you can customize the PowerShell environment to suit your preferences by adding custom aliases, adding directories to the path, and so on. It would be a pain to have to retype these commands every time you started PowerShell—and you don’t have to if you set up a PowerShell profile, which is a script of commands that PowerShell runs every time you start a new instance. You might want to put commands of this sort in a profile script: new-alias -name “n” -val “notepad” -descr “Edit a file with Notepad” $env:path += “c:\PSscripts” so that your favorite, custom aliases will be available every time you use Power- Shell. Here’s the skinny: Whenever you start Windows PowerShell in any of its various flavors (the regular command-line PowerShell, the GUI PowerShell ISE, or a Power- Shell variant that’s embedded inside another application), it looks for profile scripts in the following two locations, in this order: %windir%\system32\WindowsPowerShell\v1.0 where %windir% is the folder in which Windows is installed, usually c:\windows, and %userprofile%\[My] Documents\WindowsPowerShell where %userprofile% is your account’s profile folder, usually c:\Users\username on Windows 7 and Vista and c:\Documents and Settings\username on Windows XP. Within these two folders, the different flavors of Windows PowerShell look for different profile filenames. Every PowerShell variant looks first for a script named profile.ps1 and runs it if it’s found. The command-line PowerShell then looks for a profile script named Microsoft.Powershell_profile.ps1 and executes that one if it’s found. The GUI PowerShell ISE program, on the other hand, looks first for profile.ps1 and then Microsoft.PowerShellISE_profile.ps1. Profile scripts in the %windir% folder affect all users on the computer, while profile scripts in your %userprofile% location affect only shells that you use. So, you can decide to make some customizations available to everyone and make some just for 21 COMPUTERWORLD INTRODUCTION TO WINDOWS POWERSHELL
Page 1 and 2: COMPUTERWORLD November 2015 | www.c
Page 3 and 4: WindowsPowerShell Introduction to I
Page 5 and 6: WindowsPowerShell Introduction to w
Page 7 and 8: WindowsPowerShell Introduction to W
Page 9 and 10: WindowsPowerShell Introduction to T
Page 11 and 12: WindowsPowerShell Introduction to N
Page 13 and 14: WindowsPowerShell Introduction to a
Page 15 and 16: WindowsPowerShell Introduction to m
Page 17 and 18: WindowsPowerShell Introduction to H
Page 19: WindowsPowerShell Introduction to d
Page 23 and 24: WindowsPowerShell Introduction to G
Page 25 and 26: WindowsPowerShell Introduction to d
Page 29 and 30: WindowsPowerShell Introduction to U
Page 31 and 32: WindowsPowerShell Introduction to t
Page 33 and 34: WindowsPowerShell Introduction to M
Page 39 and 40: WindowsPowerShell Introduction to 9
Page 41 and 42: WindowsPowerShell Introduction to
Page 43 and 44: WindowsPowerShell Introduction to M
Page 45 and 46: WindowsPowerShell Introduction to c
Page 49 and 50: WindowsPowerShell Introduction to E
Page 51 and 52: WindowsPowerShell Introduction to 1
Page 53 and 54: WindowsPowerShell Introduction to -

PowerShell

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?