locked
test powershell execution policy RemoteSigned RRS feed

  • Question

  • Hi,

    How do I practically test powershell's execution policy RemoteSigned?

    I did downloaded a sample powershell ps1 script from the internet but when I copied over to my local drive and executed the script, it executed successfully. I would imagine that if you copy over a script downloaded to your local drive then it would be treated as a local script then?

    Regards,

    Ochen

    Wednesday, May 27, 2015 6:24 AM

Answers

  • it's possible that you have your IE zones security settings configured incorrectly. If you download something from a site that you have listed in Trusted Sites or Intranet zones, then Powershell will not see that it is from a remote computer. See here for details:

    http://blogs.msdn.com/b/powershell/archive/2007/03/07/how-does-the-remotesigned-execution-policy-work.aspx

    You can use Get-Item to determine if a file is marked as remote:

    Get-Item c:\scripts\script.ps1 -Stream Zone.Identifier

    If a zone identifier is returned, then the file is considered to be downloaded from the internet and if not then it is trusted.

    • Proposed as answer by AnnaWY Thursday, June 4, 2015 11:42 AM
    • Marked as answer by AnnaWY Saturday, June 6, 2015 8:55 AM
    Wednesday, May 27, 2015 12:16 PM

All replies

  • Get-ExecutionPolicy



    Regards Chen V [MCTS SharePoint 2010]

    Wednesday, May 27, 2015 7:18 AM
  • Ok, i'll make it more clear.

    I have set the execution policy to remote signed.

    Set-ExecutionPolicy RemoteSigned

    So essentially what I need to test is that I download a ps1 file from the internet and when I copy over to my local disk and execute it, it should error out stating "Not signed by a trusted publisher".

    Wednesday, May 27, 2015 7:31 AM
  • The About_Signing and About_Execution_Policies documentations do not give us more details than "If your Windows PowerShell execution policy is RemoteSigned, Windows  PowerShell will not run unsigned scripts that are downloaded from the Internet, including unsigned scripts you receive through e-mail and instant messaging programs."

     

    How does PowerShell know that the script has been downloaded from Internet?

     

    I found this very old article on the MSDN PowerShell Team's blog which explains how does the RemoteSigned execution policy workMight be helpful… but cannot promise that it is up-to-date!

    Wednesday, May 27, 2015 7:44 AM
  • unsigned scripts that are downloaded from the Internet, including unsigned scripts you receive through e-mail and instant messaging programs."

    This doesn't seem to work for me. No matter what scripts i download from the internet, once i copy it over, it runs fine as powershell treats it as a local script....

    Unsigned scripts would mean file that are downloaded form the internet and not yet trusted? File properties.. unblock????

    Wednesday, May 27, 2015 10:51 AM
  • it's possible that you have your IE zones security settings configured incorrectly. If you download something from a site that you have listed in Trusted Sites or Intranet zones, then Powershell will not see that it is from a remote computer. See here for details:

    http://blogs.msdn.com/b/powershell/archive/2007/03/07/how-does-the-remotesigned-execution-policy-work.aspx

    You can use Get-Item to determine if a file is marked as remote:

    Get-Item c:\scripts\script.ps1 -Stream Zone.Identifier

    If a zone identifier is returned, then the file is considered to be downloaded from the internet and if not then it is trusted.

    • Proposed as answer by AnnaWY Thursday, June 4, 2015 11:42 AM
    • Marked as answer by AnnaWY Saturday, June 6, 2015 8:55 AM
    Wednesday, May 27, 2015 12:16 PM