none
digital signatures

    Question

  • What is the best way to keep your powershell source on a NAS drive and allow the computers connected to the NAS to run the scripts?
    • Edited by rac8006 Wednesday, January 18, 2012 4:47 PM
    Wednesday, January 18, 2012 4:46 PM

Answers

  • But this opens up a big security hole, if you set the excecution Policy to unrestricted or bypass!!!
    The best way is to add your NAS share, in Internet explorerer to the trusted zone!
    And set the excecution Policy to Remotesigned!

    a very good explanation you can find in this good article:
    Running PowerShell Scripts From An UNC Path (Share)
    http://setspn.blogspot.com/2011/05/running-powershell-scripts-from-unc.html


    Please click “Mark as Answer” on the post that helps you. Thank you ;-)) Bitte markiere hilfreiche Beiträge von mir als "Hilfreich" und Beiträge die deine Frage ganz oder teilweise beantwortet haben als "Antwort". Das wäre Nett :-))
    • Proposed as answer by Bigteddy Thursday, January 19, 2012 6:12 AM
    • Edited by Peter Kriegel Thursday, January 19, 2012 6:40 AM
    • Marked as answer by rac8006 Thursday, January 19, 2012 8:29 PM
    Thursday, January 19, 2012 6:10 AM

All replies

  • What relationship has your question with your post title ?

    Please read trough :

    How to ask a question efficiently in TechNet forum

    none
    Please click “Mark as Answer” on the post that helps you. Thank you ;-)) Bitte markiere hilfreiche Beiträge von mir als "Hilfreich" und Beiträge die deine Frage ganz oder teilweise beantwortet haben als "Antwort". Das wäre Nett :-))
    Wednesday, January 18, 2012 5:12 PM
  • What relationship has your question with your post title ?


    I think the OP is referring to the signing of scripts.  I quote from the help about_execution_policies:

    "Note: On systems that do not distinguish Universal Naming Convention (UNC)
              paths from Internet paths, scripts that are identified by a UNC path
              might not be permitted to run with the RemoteSigned execution policy."

    A NAS drive may be seen as an internet source.

    Also see:

    PS C:\scripts> help about_signing
    TOPIC
        about_signing

    SHORT DESCRIPTION
        Explains to how sign scripts so that they comply with the Windows
        PowerShell execution policies.


    Grant Ward, a.k.a. Bigteddy

    What's new in Powershell 3.0 (Technet Wiki)

    Network Live Audit - Powershell script
    Wednesday, January 18, 2012 5:58 PM
  • Hey Bigteddy read the point 4. in this funny blog:

    Guessing game!

    http://sincealtair.blogspot.com/2010/04/how-to-ask-questions-in-technical-forum.html

     

    Want he sign his scripte ?
    Has  he a certificate or a PKI infrasructure ?
    Domain or at home wihtout PKI?
    Or  simply set Policy to Unrestricted?

    I guess he will sign a script:
    Windows PowerShell Sign Here, Please
    http://technet.microsoft.com/en-us/magazine/2008.04.powershell.aspx

     


    Please click “Mark as Answer” on the post that helps you. Thank you ;-)) Bitte markiere hilfreiche Beiträge von mir als "Hilfreich" und Beiträge die deine Frage ganz oder teilweise beantwortet haben als "Antwort". Das wäre Nett :-))
    Wednesday, January 18, 2012 6:02 PM
  • Sorry I'm not a genius.  If I was I would not have to ask the question.

    When I run my powershell sciprt on my two desktops it works fine.  When I run it on the laptop I get the following error:

    File t:\ps1src\Utility.ps1 cannot be loaded. The contents of file t:\ps1src\Utility.ps1 may have been tampered because
    the hash of the file does not match the hash stored in the digital signature. The script will not execute on the system
    . Please see "get-help about_signing" for more details..

     

    This script did work previously.

     

    RAC

    Wednesday, January 18, 2012 8:05 PM
  • The easiest would be to set the execution policy on your laptop to unrestricted.  To do this, open a Powershell prompt as Administrator (elevated).  Then run the following command:

    set-executionpolicy unrestricted <Enter>

    You only need to do this once, and your scripts from the NAS should run on the laptop without problem from then on.


    Grant Ward, a.k.a. Bigteddy

    What's new in Powershell 3.0 (Technet Wiki)

    Network Live Audit - Powershell script
    • Edited by Bigteddy Wednesday, January 18, 2012 8:27 PM
    Wednesday, January 18, 2012 8:26 PM
  • But this opens up a big security hole, if you set the excecution Policy to unrestricted or bypass!!!
    The best way is to add your NAS share, in Internet explorerer to the trusted zone!
    And set the excecution Policy to Remotesigned!

    a very good explanation you can find in this good article:
    Running PowerShell Scripts From An UNC Path (Share)
    http://setspn.blogspot.com/2011/05/running-powershell-scripts-from-unc.html


    Please click “Mark as Answer” on the post that helps you. Thank you ;-)) Bitte markiere hilfreiche Beiträge von mir als "Hilfreich" und Beiträge die deine Frage ganz oder teilweise beantwortet haben als "Antwort". Das wäre Nett :-))
    • Proposed as answer by Bigteddy Thursday, January 19, 2012 6:12 AM
    • Edited by Peter Kriegel Thursday, January 19, 2012 6:40 AM
    • Marked as answer by rac8006 Thursday, January 19, 2012 8:29 PM
    Thursday, January 19, 2012 6:10 AM
  • Yes Peter, that is a better solution.
    Grant Ward, a.k.a. Bigteddy

    What's new in Powershell 3.0 (Technet Wiki)

    Network Live Audit - Powershell script
    Thursday, January 19, 2012 6:12 AM
  • Thanks for the response.  I like your solution.  I can keep the remotesigned for all systems.  I just

    then create a special powershell shortcut that sets the bypass for that session.  I've checked it out

    on all three systems and they all work.

     

    Thanks again.

    RAC

    Thursday, January 19, 2012 8:31 PM