Datasheet
20 CHAPTER 1
•
USING POWERSHELL WITH ACTIVE DIRECTORY
When you’re done creating your script, save it with a
.ps1
extension, and the script
will be executable in PowerShell.
Execution Policy
With great power comes great responsibility. Being the robust scripting environ-
ment that PowerShell is, its capabilities could potentially be misused. ere has
been a lot of scripting misuse in the past with other scripting languages. Multiple
vulnerabilities, viruses, and malware have used script-based exploits to engrain
themselves on users’ machines. To prevent this from happening in PowerShell, an
execution policy de nes if and how scripts can run.
By default, the execution policy is con gured to not allow any scripts to run. is
security enhancement is meant as a failsafe to prevent users from accidently execut-
ing malicious code and isn’t intended as a fully vetted security architecture. Users
can easily overcome the limitations of the execution policy by manually typing the
script into PowerShell line by line or by copying and pasting it in.
You can use six di erent settings for the PowerShell execution policy. Table 1.4
describes each of these settings.
TABLE 1.4 Execution Policy Settings
Setting Description
Restricted
(Default) Prevents all scripts from executing.
AllSigned
Allows only scripts that are signed with a trusted certifi cate.
RemoteSigned
Allows scripts written locally to execute, but scripts downloaded from a
nonlocal source (such as a website or email) must be signed with a trusted
certifi cate.
Unrestricted
Allows unsigned scripts to execute but warns the user about scripts that
were not created from the local machine.
Bypass
No scripts are blocked, and no warnings are generated.
Undefined
No execution policy is specifi cally defi ned.
You can determine what the current execution policy is by running the
Get-ExecutionPolicy
cmdlet:
PS C:\> Get-ExecutionPolicy
Restricted
c01.indd 20c01.indd 20 5/12/2011 1:07:48 PM5/12/2011 1:07:48 PM