PowerShell
cwpowershell_final
cwpowershell_final
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Windows<strong>PowerShell</strong><br />
Introduction to<br />
to, as I recommend, RemoteSigned. Table 2 lists the possible policy settings.<br />
Table 2<br />
<strong>PowerShell</strong> Script Execution Policy Settings<br />
SETTING<br />
DESCRIPTION<br />
Restricted<br />
AllSigned<br />
RemoteSigned<br />
Unrestricted<br />
Bypass<br />
(Undefined)<br />
This is the default setting. No <strong>PowerShell</strong> scripts will run at all, under any<br />
circumstances.<br />
Only digitally signed scripts (including profile scripts, which I describe<br />
in the next section) will run; in addition, you are prompted to grant<br />
permission to run scripts signed by the specific certificate used.<br />
Scripts (and profiles) that have been written locally will run.<br />
Scripts that have been downloaded from the Internet will not run unless<br />
they are signed and you have approved the signing certificate.<br />
All scripts will run, but you are warned about scripts that have been<br />
downloaded and must approve them before they’ll run.<br />
Any script will run, regardless of its origin. This is a potentially very risky<br />
setting and should be used only in very specific circumstances, where<br />
some other security system is in place to prevent rogue scripts from<br />
running without your permission.<br />
If no policy setting is in place, <strong>PowerShell</strong> treats the setting as Restricted<br />
and no script will run.<br />
I recommend the RemoteSigned setting. Scripts you write and store on your computer<br />
or retrieve across your local area network will run without any problem, but<br />
scripts that arrive via programs with Internet connectivity won’t run unless they have<br />
a digital signature and you’ve confirmed that you trust the person or company that<br />
signed the script. This is a good security compromise.<br />
To change the setting, open a privileged <strong>PowerShell</strong> window as described in the<br />
previous section. Then, type the command<br />
set-executionpolicy remotesigned<br />
You will have to confirm that you want to make this change by typing y and Enter.<br />
(You can disable that prompt by adding -force to the command line.)<br />
Now, you can run <strong>PowerShell</strong> scripts and profiles. .<br />
There are few things you should know about this security setting:<br />
NN<br />
If your computer is part of a corporate domain network, this setting is probably<br />
under the control of your network manager via Group Policy. Type get-executionpolicy<br />
to see what your current setting is. You might not able to change it yourself.<br />
NN<br />
If you are forced into, or choose, the AllSigned policy setting, you’ll have to digitally<br />
sign any script you want to run. It’s a cumbersome process, but it’s not too bad<br />
after you get used to it.<br />
20 COMPUTERWORLD INTRODUCTION TO WINDOWS POWERSHELL