Scripts in Windows PowerShell are basically
sequences of commands stored in a text file. A script in Windows
PowerShell must have the file name extension .ps1 and can contain
functions such as the ones described in the previous section. Like
functions, scripts in Windows PowerShell can use parameters to accept
input.
Windows PowerShell was designed with security in
mind. One security feature is that files with the extension .ps1 are
associated with Notepad, rather than Windows PowerShell. This prevents
users from accidentally clicking a script and executing it
unintentionally.
Another security feature is the execution policy,
which controls how scripts can be executed. Before we get started with
writing scripts, let’s take a quick tour of the execution policies in
Windows PowerShell.
Setting the Execution Policy
Windows PowerShell supports execution policies that
let you define criteria for allowing scripts to execute. The execution
policies for the local computer and current users are stored in the
registry. The following are the Windows PowerShell execution policies:
Restricted
This is the default policy. It permits commands and functions to be run
in the Windows PowerShell console, but will not run scripts.
AllSigned
This policy allows execution of scripts, but requires them to be
digitally signed by a trusted publisher, including scripts written on
your local computer.
RemoteSigned
This policy allows scripts written on the local computer to be
executed, but does not allow execution of scripts downloaded or
received by e-mail, unless they are digitally signed.
Unrestricted With this policy, Windows PowerShell runs all scripts, but displays a warning for scripts originating from the Internet.
Note
Windows PowerShell (or any component of the
operating system) can tell whether or not a script or file originating
from the Internet is trusted by the zone information contained in a
specified alternative data stream of the file. All it takes to turn an
Internet file into a local file is opening the file’s properties and
clicking the Unblock button (this applies to Windows XP SP2 and
Internet Explorer 7 and later).
You can use the Get-ExecutionPolicy cmdlet to retrieve the current execution policy on the local computer.
PS > Get-ExecutionPolicy
Restricted
In this example, the policy is set to Restricted, which is the default.
To
set a Windows PowerShell execution policy, you need elevated
privileges. To run Windows PowerShell with elevated privileges,
right-click the Windows PowerShell icon and click Run as Administrator.
Note
Since there is no User Access Control (UAC) in
Windows XP or Windows Server 2003, the Run as Administrator option does
not apply to those operating systems.
You can now use the Set-ExecutionPolicy cmdlet to change the execution policy. Here’s an example of changing the policy to RemoteSigned:
PS > Set-ExecutionPolicy RemoteSigned
Execution Policy Change
The execution policy helps protect you from scripts that you do not trust.
Changing the execution policy might expose
you to the security risks described in the about_Execution_Policies help topic.
Do you want to change the execution policy?
[Y] Yes [N] No [S] Suspend [?] Help (default is "Y"): Y
