A Safer Way Of Running Unsigned Powershell Scripts

-
There is no doubt that as a company you should have setup a way of signing all the PowerShell script you are intending to run in your production environment.
But as we all known there will be situation where you want to run unsigned code, or maybe you are testing things out before you are ready to sign them.


No matter the reason why, but if you do need to run scripts in unrestricted or another scope mode you should try to keep it as secure as possible. Examples for how to think security could be:
  • Do not make the change permanent
  •  Limit the timeframe and scope of the changed setting
There are different ways of doing this, Two of the methods I use are based on running just the current process in unrestricted mode.
This can be easily done by adding a “-Scope” to the command.

In PowerShell:

When you have started PowerShell and need to change the execution mode you can use the following line:
Set-ExecutionPolicy unrestricted -scope process; ./Favorit_Tool_v2.1.ps1 
(use full path if you’re not in the folder with the script)
If you want to start PowerShell with the scope set, you can use:

PowerShell.exe -ExecutionPolicy Unrestricted
In the first scenario only the “Favorit_Tool_v2.1.ps1” are run in unrestricted mode, all following command will be run under default of set mode.
The second scenario the entire session will from now until the session are ended, or the scope are modified again, continue to run with execution policy set to unrestricted.


If you want to verify policy setting just run:
 Get-ExecutionPolicy
A Different way of doing a limitation of the escalation to run as a “one event” process is by starting it from the command prompt.

From CMD:

Running a script from command prompt will ensure that the process is ended when the script is finished.
Powershell Set-ExecutionPolicy unrestricted -scope process; ./Favorit_Tool_v2.1.ps1
(use full path if you’re not in the folder with the script)




Understanding PowerShell execution policies:

To get a better under understanding of PowerShell execution policies you can follow THIS link

Popular posts from this blog

Installing Android on a Hyper-V virtual machine

-
Image
Working with mobile device management (MDM) require a lot of testing. With Windows 10 testing is no problem (except those things that demand to be done on a physical device by different reasons), they can easily be run virtual. But when it comes to phones and tablets it have not been that easy. Visual Studio and some other solutions where out there, but they did not come with Store access or they had dependence which excluded Hyper-V from running. Some Emulators runs in a Hyper-V VM with Windows 10, but not on the host itself. So, if you got it to work it was usually slow and painful.
Read more

Quick guide on how to run BgInfo background as Group Policy login

-
Image
I know, it's simple. But I always forget some minor details when it have been a while since last time. So this blogpost is more a reminder to my self. Goal = Get same background picture an all PC (and/or Server) Doing it very simplified and easy in this guide, but you should normally use  folder structure for the files and a suitable Group Policy or more for the setting themself.
Read more

MDT: TimeZoneName and index number list

-
Remebering time zone name and number are a hasle so here are the list for the next time you (or I) need it. Norwegian settings for MDT are: TimeZone=110 TimeZoneName=W. Europe Standard Time (InputLocale=0414:00000414) (KeyboardLocale=nb-NO) The complete list are as following:
Read more