Setup

Setting execution policies on Windows PowerShell

Scenario description

PowerShell Scripts allow you to automate common tasks within Windows, Microsoft applications, and of course Office 365 Cloud Services.

These scripts can potentially harm your computer, perform malicious actions or execute unintended commands within your Cloud Services environment, so Microsoft has protected you from this by disabling PowerShell scripts by default. 

You must set the PowerShell Execution policy according to your needs.

The execution policies are as follows:

Restricted:
Does not load configuration files or run scripts. "Restricted" is the default execution policy.

RemoteSigned:
Requires that all scripts and configuration files downloaded from the Internet be signed by a trusted publisher.

AllSigned:
Requires that all scripts and configuration files be signed by a trusted publisher, including scripts that you write on the local computer.

Unrestricted:
Loads all configuration files and runs all scripts. If you run an unsigned script that  was downloaded from the Internet, you are prompted for permission before it runs.

Bypass:

Nothing is blocked and there are no warnings or prompts.

Undefined:
Removes the currently assigned execution policy from the current scope. This parameter will not remove an execution policy that is set in a Group Policy scope.

Note: It is important that you only download or use PowerShell scripts from a trusted source especially when setting the policy as ‘Unrestricted’. Further to this, it is recommended for security reasons that you revert any changes to the default policy unless you have an ongoing need.

Executing the Set-ExecutionPolicy command can only be done in a PowerShell window opened using “Run as administrator.”

Setting execution policies on Windows PowerShell

This command will display your current execution policy. This is worth noting if you wish to revert back at a later point.

Get-ExecutionPolicy

This command will set a policy that requires that all scripts and configuration files downloaded from the Internet be signed by a trusted publisher. You can replace ‘RemoteSigned’ with your desired execution policy name to alter the policy applied.

Set-ExecutionPolicy RemoteSigned

This command will set the execution policy to the default setting for windows. This may however not be the default for your environment. 

Set-ExecutionPolicy Restricted
Comments

No Comments