|
|||
|
|
|
| Home |
| About |
| Hobbies |
| Software |
| Hardware |
| ICT Hotlist |
| Purpose |
React:
ICT-Hotlist Topic
Back to the ICT-Hotlist...Reduce security to run local PowerShell scripts
When you try to run the PowerShell script example "C:\test\HelloWorld.ps1" [view here] and always get the following error message:
PS C:\test> .\HelloWorld.ps1
File C:\test\HelloWorld.ps1 cannot be loaded because the execution of scripts is disabled on this system. Please see "g
et-help about_signing" for more details.
At line:1 char:17
+ .\HelloWorld.ps1 <<<<
+ CategoryInfo : NotSpecified: (:) [], PSSecurityException
+ FullyQualifiedErrorId : RuntimeException
To solve this problem and to make PowerShell run scripts on your Windows XP, Vista, Windows 7, Windows 8,
Server 2003, Server 2008 (r2) and Server 2012 (r2) system, you have to reduce the default security for PowerShell. The PowerShell
script security setting is called "execution policy" and out of the box is "Restricted". That means that PowerShell will
not run any scripts.
File C:\test\HelloWorld.ps1 cannot be loaded because the execution of scripts is disabled on this system. Please see "g
et-help about_signing" for more details.
At line:1 char:17
+ .\HelloWorld.ps1 <<<<
+ CategoryInfo : NotSpecified: (:) [], PSSecurityException
+ FullyQualifiedErrorId : RuntimeException
Method 1. Change within PowerShell
CheckHow can you detect the current execution policy?
Open the PowerShell command prompt type the following and then pressing ENTER
Get-ExecutionPolicy
The default result is:
Restricted
Change
To get the PowerShell scripts on your desktop or server working you can raise the execution policy slightly to " RemoteSigned". This allows only local PowerShell scripts to run. Other scripts downloaded from the internet must be signed by a trusted publisher.
You have to type the following and press ENTER:
Set-ExecutionPolicy RemoteSigned
You see the following warning:
Execution Policy Change
The execution policy helps protect you from scripts that you do not trust. Changing the execution policy might expose
you to the security risks described in the about_Execution_Policies help topic. Do you want to change the execution
policy?
[Y] Yes [N] No [S] Suspend [?] Help (default is "Y"): y
Warning: If you get the following error:
Check
Set-ExecutionPolicy : Access to the registry key
'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell' is denied.
You have to start the
PowerShell command prompt with administrative rights (Run as administrator)
Type the following and then press ENTER
Get-ExecutionPolicy
The result now must be:
RemoteSigned
Now you are up to
run PowerShell scripts on your desktop or server.
Method 2. Change the registry.
The other method is to load a registry file (you must be an administrative user):
Windows Registry Editor Version 5.00
; This registry setting enables PowerShell to run local scripts (C)Copyright 2013 - 2024 Johan van Soest [http://www.vansoest.it]
Warning:This solution modifies the Windows registry. Back up the registry before you modify it. Then, you can restore the registry if a problem occurs.
; This registry setting enables PowerShell to run local scripts (C)Copyright 2013 - 2024 Johan van Soest [http://www.vansoest.it]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell]
"ExecutionPolicy"="RemoteSigned"
Method 3. Setting security with a GPO.
The PowerShell execution policy can also be changed with a Group Policy Object (GPO). Be forewarned, do not run your desktop GPO's on all your servers. Also some operating systems need to load a .adm file to be able to change the correct setting. Search the internet for the .adm file and complete GPO path. GPO management does not fit within the scope of this tip.Testing
When you run the script "C:\test\HelloWorld.ps1" after the configuration, the correct output appears:
PS C:\test> .\HelloWorld.ps1
Hello World,
Johan van Soest wishes you : Good evening!
Hello World,
Johan van Soest wishes you : Good evening!
You may vote your opinion about this article:
Scripts and programming examples disclaimer
Unless stated otherwise, the script sources and programming examples provided are copyrighted freeware. You may modify them, as long as a reference to the original code and hyperlink to the source page is included in the modified code and documentation. However, it is not allowed to publish (copies of) scripts and programming examples on your own site, blog, vlog, or distribute them on paper or any other medium, without prior written consent.Many of the techniques used in these scripts, including but not limited to modifying the registry or system files and settings, impose a risk of rendering the Operating System inoperable and loss of data. Make sure you have verified full backups and the associated restore software available before running any script or programming example. Use these scripts and programming examples entirely at your own risk. All liability claims against the author in relation to material or non-material losses caused by the use, misuse or non-use of the information provided, or the use of incorrect or incomplete information, are excluded. All content is subject to change and provided without obligation.
