TechTalkz.com Logo Ask the Experts!

Go Back   TechTalkz.com Technology & Computer Troubleshooting Forums > Tech Support Archives > Microsoft > Microsoft Windows Powershell

How to enable Power shell scripts

Microsoft Windows Powershell

 
 
Thread Tools Display Modes
Unread 20-03-2008, 12:35 AM   #1
Dee
Guest
 
Posts: n/a
How to enable Power shell scripts

I want to run some power shell scripts for tests.

I have run the command below, but I'm getting the error below.

PS C:\TEMP> Set-ExecutionPolicy Unrestricted
Set-ExecutionPolicy : Access to the registry key
'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\ 1\ShellIds\Microsoft
..PowerShell' is denied.

I am an Administrator

I checked the registry and nothing in there to allow for this option.

Its great to secure scriptiing this way, but can anyone help on how I can
get ps1 scripts to run on Vista or whats best practise on running the PS1
scripts.

D

--
Dee
 
Unread 20-03-2008, 12:35 AM   #2
Tomas Restrepo [MVP]
Guest
 
Posts: n/a
Re: How to enable Power shell scripts

Hi Dee
>I want to run some power shell scripts for tests.
>
> I have run the command below, but I'm getting the error below.
>
> PS C:\TEMP> Set-ExecutionPolicy Unrestricted
> Set-ExecutionPolicy : Access to the registry key
> 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\ 1\ShellIds\Microsoft
> .PowerShell' is denied.
>
> I am an Administrator
>
> I checked the registry and nothing in there to allow for this option.
>
> Its great to secure scriptiing this way, but can anyone help on how I can
> get ps1 scripts to run on Vista or whats best practise on running the PS1
> scripts.

'
Try opening up a powershell window with elevated privileges and running the
command again (find powershell on the start menu, right click, Run as
Administrator). That should work, I think


--
Tomas Restrepo
http://www.devdeo.com/
http://www.winterdom.com/weblog/

 
Unread 20-03-2008, 01:30 AM   #3
Marco Shaw [MVP]
Guest
 
Posts: n/a
Re: How to enable Power shell scripts

Dee wrote:
> I want to run some power shell scripts for tests.
>
> I have run the command below, but I'm getting the error below.
>
> PS C:\TEMP> Set-ExecutionPolicy Unrestricted
> Set-ExecutionPolicy : Access to the registry key
> 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\ 1\ShellIds\Microsoft
> .PowerShell' is denied.
>
> I am an Administrator
>
> I checked the registry and nothing in there to allow for this option.
>
> Its great to secure scriptiing this way, but can anyone help on how I can
> get ps1 scripts to run on Vista or whats best practise on running the PS1
> scripts.
>
> D
>


Try as Tomas mentions. Also, it is best to set the policy to
"RemoteSigned".

This way you would initially get a warning about scripts downloaded from
the Internet before being able to run them (if not signed).

Marco

--
Microsoft MVP - Windows PowerShell
http://www.microsoft.com/mvp

PowerGadgets MVP
http://www.powergadgets.com/mvp

Blog:
http://marcoshaw.blogspot.com
 
Unread 20-03-2008, 01:27 PM   #4
Thomas Lee
Guest
 
Posts: n/a
Re: How to enable Power shell scripts

In message <uq1xvliiIHA.944@TK2MSFTNGP05.phx.gbl>, "Marco Shaw [MVP]"
<marco.shaw@_NO_SPAM_gmail.com> writes
>Also, it is best to set the policy to "RemoteSigned".


I'd argue this point a bit.

For me, this policy has no real effect - I use FireFox and it does not
set the alternate data stream to indicate a script was downloaded from
the internet.

Frankly, if this is what one is using to prevent bad code running, it's
a bit weak. All I have to do to get around it is to download the script,
cut/paste it to another file and hey presto it's no longer "remote".

I'd argue that requiring signing of all scripts is probably safer but
more of a PITA.

Thomas
--
Thomas Lee
doctordns***********
MVP - Admin Frameworks and Security
 
Unread 20-03-2008, 02:29 PM   #5
Marco Shaw [MVP]
Guest
 
Posts: n/a
Re: How to enable Power shell scripts


> I'd argue this point a bit.
>
> For me, this policy has no real effect - I use FireFox and it does not
> set the alternate data stream to indicate a script was downloaded from
> the internet.
>
> Frankly, if this is what one is using to prevent bad code running, it's
> a bit weak. All I have to do to get around it is to download the script,
> cut/paste it to another file and hey presto it's no longer "remote".
>
> I'd argue that requiring signing of all scripts is probably safer but
> more of a PITA.


I agree in your case. I think for a more general purpose/case/use,
admins would want to get remotesigned on systems.

True, it isn't *the* best option(s) for security, but it adds one,
albeit small for the most part, measure of security.

Marco
 
Unread 20-03-2008, 02:29 PM   #6
Tomas Restrepo [MVP]
Guest
 
Posts: n/a
Re: How to enable Power shell scripts

Thomas,
>
> I'd argue this point a bit.
>
> For me, this policy has no real effect - I use FireFox and it does not set
> the alternate data stream to indicate a script was downloaded from the
> internet.


<chuckle>

> I'd argue that requiring signing of all scripts is probably safer but more
> of a PITA.


But is this realistic? I mean, is anyone writing their own custom scripts
and signing them?

Or, put it another way, how many people go around download scripts and
blindly executing them without looking at the script contents?


--
Tomas Restrepo
http://www.devdeo.com/
http://www.winterdom.com/weblog/

 
Unread 22-03-2008, 03:24 AM   #7
Keith Hill [MVP]
Guest
 
Posts: n/a
Re: How to enable Power shell scripts

"Tomas Restrepo [MVP]" <tomasr@mvps.org> wrote in message
news:eSinbDpiIHA.4396@TK2MSFTNGP04.phx.gbl...
> Thomas,
>>
>> I'd argue this point a bit.
>>
>> For me, this policy has no real effect - I use FireFox and it does not
>> set the alternate data stream to indicate a script was downloaded from
>> the internet.

>
> <chuckle>
>
>> I'd argue that requiring signing of all scripts is probably safer but
>> more of a PITA.

>
> But is this realistic? I mean, is anyone writing their own custom scripts
> and signing them?


Uh no. It is a PITA IMO and provides no benefit for the build and test
scripts that we use in production.

> Or, put it another way, how many people go around download scripts and
> blindly executing them without looking at the script contents?


What's that phrase Gump uses - "stupid is as stupid does". :-)

--
Keith

 
Unread 22-03-2008, 01:23 PM   #8
Dee
Guest
 
Posts: n/a
Re: How to enable Power shell scripts

Hi All

IT worked..

I ran powershell as Administrator, chenged the policy to remotesigned and
then the script.

Many thanks for your help and the interesting comments re the security issues.

D
--
Dee


"Keith Hill [MVP]" wrote:

> "Tomas Restrepo [MVP]" <tomasr@mvps.org> wrote in message
> news:eSinbDpiIHA.4396@TK2MSFTNGP04.phx.gbl...
> > Thomas,
> >>
> >> I'd argue this point a bit.
> >>
> >> For me, this policy has no real effect - I use FireFox and it does not
> >> set the alternate data stream to indicate a script was downloaded from
> >> the internet.

> >
> > <chuckle>
> >
> >> I'd argue that requiring signing of all scripts is probably safer but
> >> more of a PITA.

> >
> > But is this realistic? I mean, is anyone writing their own custom scripts
> > and signing them?

>
> Uh no. It is a PITA IMO and provides no benefit for the build and test
> scripts that we use in production.
>
> > Or, put it another way, how many people go around download scripts and
> > blindly executing them without looking at the script contents?

>
> What's that phrase Gump uses - "stupid is as stupid does". :-)
>
> --
> Keith
>

 
 

Thread Tools
Display Modes



< Home - Windows Help - MS Office Help - Hardware Support >


New To Site? Need Help?

All times are GMT. The time now is 02:40 PM.


vBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO
Copyright © 2005-2013, TechTalkz.com. All Rights Reserved - Privacy Policy
Valid XHTML 1.0 Transitional