Windows PowerShell 1.0 Security

Revision as of 19:23, 29 December 2008 by Neil (Talk | contribs) (New page: The objective of this chapter of Windows PowerShell 1.0 Essentials is to provide an overview of the security mechanisms provided with Windows PowerShell, including configuration of ''s...)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Revision as of 19:23, 29 December 2008 by Neil (Talk | contribs) (New page: The objective of this chapter of Windows PowerShell 1.0 Essentials is to provide an overview of the security mechanisms provided with Windows PowerShell, including configuration of ''s...)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

The objective of this chapter of Windows PowerShell 1.0 Essentials is to provide an overview of the security mechanisms provided with Windows PowerShell, including configuration of script execution policies and the signing of PowerShell scripts through the use of certificates.

Windows PowerShell Script Execution Policy

By default, the execution of scripts in the Windows PowerShell environment is disabled (although it is still possible to execute commands interactively at the PowerShell command prompt). This is controlled by the Windows PowerShell script execution policy setting. Attempting to run a script when in this restricted mode will result in the following error being displayed:


In addition to restricted mode, AllSigned, RemoteSigned and Unrestricted modes are also available, details of which are outlined in the following table:

RestrictedThe default policy on Windows PowerShell, this mode disables the execution of script files. Windows PowerShell may only be used by manually issuing commands at the command prompt.
AllSignedLimits execution to scripts which are authenticode signed. When a signed script is executed, PowerShell will prompt for confirmation that the signer of the script can trusted.
RemoteSignedRequires that any scripts that have been downloaded from a remote location must be signed before they may are permitted to execute.
UnrestrictedAllows any script to be executed, regardless of origin or whether it is signed.