Windows Server TechCenter >
Windows Server Forums
>
Windows PowerShell
>
Security Warning. Run only scripts that you trust....
Security Warning. Run only scripts that you trust....
- Hello,
Getting this warning message which requires user interaction to get past, which is royally screwing me right now.
Security Warning. Run only scripts that you trust. While scripts from the internet can be useful, this script can potentially harm your computer. Do you want to run PATHTOSCRIPT?
[D] Do not Run [R] Run once [S] Suspend [?] Help (default is "D"):
Execution policy is set to 'unrestricted'. I am trying to run it directly from a file share, path given as mapped drive. Not downloaded from the internet... I am aware the system may interpetting the file share as the 'internet zone', or 'intranet zone', and hence the warning... there is no ADS stream in the file to change, I even tried putting one there to explicitly mark it as safe but that didn't work either.
I have seen some other posts on this but I am hoping a workaround has been found... I know powershell 2.0 has a new switch which will take care of this but I'm using powershell 1.0. Do I have to resort to a .cmd or vbscript which copies the ps file to the local machine and launches it, then work in some cleanup routine that deletes the ps file from the local machine when done?
I thought I remembered reading something about this before I actually started using powershell... like using the invoke '&' or '.' dotSource commands in some way to somehow work around this and launch a ps script directly from a network share? I can't find anything on that now.
anyone?
Answers
- Read this post, including the comments:
https://blogs.msdn.com/powershell/archive/2007/05/06/running-scripts-downloaded-from-the-internet.aspx- Marked As Answer byc0pe Friday, May 08, 2009 7:05 PM
- Proposed As Answer byMarco ShawMVP, ModeratorFriday, May 08, 2009 6:22 PM
All Replies
- just FYI, this is what I am doing now, but I don't like it.
powershell.exe -command "Set-ExecutionPolicy RemoteSigned; cpi z:\scripts\scriptName.ps1 -Destination c:\; c:\scriptName.ps1; ri c:\scriptName.ps1; Set-ExecutionPolicy Restricted"
I'm using MDT 2008 to deploy servers so that command works as a 'run command line' step in a task sequence. Powershell has to already be there of course, which in my case was done via unattend.xml. You can't execute a remote script directly by default but you can execute a powershell command locally, or commands by seperating each command with a semicolon. This is what the command does:
1. changes the default execution policy so that a script can be run.
2. copies the script file from the network share to the local machine
3. runs that script file from the local machine
4. deletes the script file from the local machine
5. sets the execution policy back to the default
works, but still looking for something better. You could use this for MDT task sequences as I have done, or you could create shortcuts to ps scripts on network shares in this same way... basicaly set exec policy if need be, copy to a temp location, execute, clean up, set policy back if need be. - Read this post, including the comments:
https://blogs.msdn.com/powershell/archive/2007/05/06/running-scripts-downloaded-from-the-internet.aspx- Marked As Answer byc0pe Friday, May 08, 2009 7:05 PM
- Proposed As Answer byMarco ShawMVP, ModeratorFriday, May 08, 2009 6:22 PM
- thanks for the info Marco. Definitely good to know. For my particular case I will probably stick with what I have done over doing the registry mods to add the remote machine to the Trusted Zone. Not that it is not a good solution, it is. But in my case, to to that, I would need to add another step in the task sequence, which runs a vbscript or bat file that makes the registry mods, then runs the powershell step... whereas now it is being done with the one task sequence step. Either way would work, there is just no compelling reason, as far as I can see, to change it.
But again, for typical scenarios, as in not part of a completely automated deployment system, manually 'unblocking' your script files, or adding your servers to the trusted zone, would be fine.... and I'm sure I'll do that in the future.
thanks again. - For future readers: On Windows Server O/S, turning off IE ESC (Internet Explorer Enhanced Security Configuration) eliminated this prompt for me, and I was able to leave my execution policy set to RemoteSigned. In Server 2008, you can do this in the server manager by clicking Configure IE ESC on the right hand side under Security Information.
