Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Alternatives to fix PowerShell error "execution of scripts is disabled on this system"

Tags:

powershell

I have a PowerShell script which is written by me. I try to run the PowerShell script as below;

PS C:\Documents and Settings\Administrator>c:\test\Test.ps1

So this is giving me an error saying:

File c:\test\Test.ps1 cannot be loaded because the execution of scripts is disabled on this system. Please see "get-help about_signing" for more details.

I found that setting Set-ExecutionPolicy Unrestricted will fix the error.

But my questions are;

  1. What is this signing is about?
  2. Can we fix this error without setting Set-ExecutionPolicy Unrestricted (doing a signing kind of a thing)? If so, how to do that?
  3. Is there a security issue arise if I set Set-ExecutionPolicy Unrestricted in my web server?
like image 473
New Developer Avatar asked Jul 18 '13 03:07

New Developer


2 Answers

Set-ExecutionPolicy causes a system wide change. Scripts are possible security vulnerabilities, which is why all script execution is disabled by default. One possibility is to launch the PowerShell process from the command line with an execution policy that is only in effect for that specific session. The command line would be something like:

> powershell.exe -ExecutionPolicy Unrestricted -File "c:\test\Test.ps1"

You could combine this with signing by leaving the default policy to Restricted and launching PowerShell with RemoteSigned or AllSigned policy when needed. Some additional information on the powershell.exe command line options is here.

like image 141
Mike Zboray Avatar answered Nov 15 '22 01:11

Mike Zboray


If you did what the instructions told you to do you would have gotten a help page that would have told you exactly what you need to do.

get-help about_signing

In summary, the computer has no way to tell that whoever wrote the script was a trustworthy person, so by default it does not run any untrustworthy scripts. The two ways to fix this is either allow scripts from unknown sources (the solution you found out about by using Set-ExecutionPolicy Unrestricted) or by "signing" the script proving it came from a trustworthy source and has not been tampered with seance you got it from that source.

To sign your own code you will need a code signing certificate. Read that about_signing help and there is a section called CREATE A SELF-SIGNED CERTIFICATE that tells you how to do it.

After you have the certificate you need to sign your script. If you check that same help again there is a section called SIGN A SCRIPT that tells you how to do that too.

like image 40
Scott Chamberlain Avatar answered Nov 14 '22 23:11

Scott Chamberlain