Table of contents
3. Execution policy command syntax format
4. Commonly used commands for executing strategies
PowerShell is a command-line interface for operating systems that is cross-platform and provides many features to automate and optimize various tasks. PowerShell is officially developed by Microsoft and shipped as part of the Windows Server operating system. Using PowerShell, you can perform many operational operations such as creating, editing, viewing, and deleting files and folders, managing users and computers, configuring network settings, running system commands, automating testing and deployment, and more. Today I will continue to share with you the PowerShell series of tutorials.
The previous article explained the relevant knowledge of PowerShell running notes through scripts. Today, I will introduce the relevant knowledge of PowerShell script execution strategies, and understand how Microsoft's PowerShell can protect the security of running scripts.
PowerShell script execution policies are used to control when and how PowerShell scripts are executed. The execution scope of PowerShell scripts can be limited through the execution policy, providing certain security guarantees for system administrators. Policies can restrict who can execute scripts, restrict where scripts can be executed from, and so on. These policies can be configured locally on the computer or in Group Policy. Ultimately protect your computer from malicious scripts and illegal operations.
Today I will explain to you the knowledge about PowerShell script execution strategy!
1. Execution strategy level
- AllSigned: Requires that all scripts and configuration files be signed by a trusted publisher, including scripts written on the local computer; requires confirmation before running scripts from publishers that have not been classified as trusted or untrusted.
- Bypass: script execution without any restrictions
- RemoteSigned: Local scripts on the local computer do not require digital signatures; scripts downloaded from the Internet or other computers require digital signatures to run.
- Restricted: Allows individual commands but not scripts, which prevents all script files from running.
- Undefined: There is no enforcement policy for the current scope. Simply put, if the execution strategy of all scopes is Undefined, the actual test used is consistent with the Default strategy.
- Default: The default execution policy, Window client is Restricted; Windows server is RemoteSigned.
- Unrestricted: The script runs without signature restrictions, and if the script does not come from the script and configuration files of the local intranet zone, there will be a warning before running
2. Execution strategy scope
- MachinePolicy: Set by Group Policy for all users of the computer
- UserPolicy: set by the group policy of the current user of the computer
- Process: The scope Process only affects the current PowerShell session; the execution policy is saved in the environment variable $env:PSExecutionPolicyPreference, not in the registry. Variables and values are deleted when the PowerShell session is closed.
- CurrentUser: Execution policy affects only the current user. It is stored in the HKEY_CURRENT_USER registry subkey.
- LocalMachine: Execution policy affects all users on the current computer. It is stored in the HKEY_LOCAL_MACHINE registry subkey.
3. Execution policy command syntax format
Set-ExecutionPolicy
[-ExecutionPolicy]
[[-Scope] ]
[-Force]
[-WhatIf]
[-Confirm]
[]
Parameter Description:
- -ExecutionPolicy : Specify the execution policy
- -Scope: Specifies the scope affected by the execution policy. The default scope is LocalMachine.
- -Force: Adjust all script prompts, it is recommended to use this parameter with caution. Default is None, can be specified as False
- -WhatIf: Shows what happens when the cmdlet is run. The default value is False.
- -Confirm: Prompts you for confirmation before running the cmdlet. The default value is False.
4. Commonly used commands for executing strategies
Get the current execution policy
Get-ExecutionPolicy
Get all execution policies affecting the current session
Get-ExecutionPolicy -List
Adjust script execution policy
Set-ExecutionPolicy ALLSIGNED
delete execution policy
To remove an execution policy for a specific scope, set Execution Policy to Undefined.
Note: The default policy for Windows clients is Restricted
#删除本地计算机所有用户的执行策略
Set-ExecutionPolicy -ExecutionPolicy Undefined -Scope LocalMachine
Past review
PowerShell series (1): The difference between PowerShell introduction and cmd command line
PowerShell Series (2): Introduction to the Differences Between PowerShell and Python
PowerShell series (3): Combing the development history of PowerShell
PowerShell Series (4): Three ways for PowerShell to enter the interactive environment