如何使PowerShell提示未签名的脚本
我的环境中的执行策略是如何使PowerShell提示未签名的脚本,powershell,executionpolicy,Powershell,Executionpolicy,我的环境中的执行策略是AllSigned: PS E:\Temp> Get-ExecutionPolicy AllSigned PS E:\Temp>Get ExecutionPolicy 全部签名 当我尝试执行不受信任的脚本时,它会抛出错误: & : File C:\temp\anz.ps1 cannot be loaded. The file C:\temp\any.ps1 is not digitally signed. You cannot run this script on the
AllSigned
:
PS E:\Temp> Get-ExecutionPolicy
AllSigned
PS E:\Temp>Get ExecutionPolicy
全部签名
当我尝试执行不受信任的脚本时,它会抛出错误:
& : File C:\temp\anz.ps1 cannot be loaded. The file C:\temp\any.ps1 is not
digitally signed.
You cannot run this script on the current system. For more information about
running scripts and setting execution policy, see about_Execution_Policies at
http://go.microsoft.com/fwlink/?LinkID=135170.
At line:1 char:3
+ & .\any.ps1
+ ~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : SecurityError: (:) [], PSSecurityException
+ FullyQualifiedErrorId : UnauthorizedAccess
&:无法加载文件C:\temp\anz.ps1。文件C:\temp\any.ps1不可用
数字签名。
无法在当前系统上运行此脚本。有关
运行脚本和设置执行策略,请参阅
http://go.microsoft.com/fwlink/?LinkID=135170.
第1行字符数:3
+&.\any.ps1
+ ~~~~~~~~~~~~~~~~~~~~~~~~~
+CategoryInfo:SecurityError:(:)[],PSSecurityException
+FullyQualifiedErrorId:未经授权的访问
如何使PowerShell提示我是否要执行脚本
比如:
安全警告只运行您信任的脚本。虽然来自Internet的脚本可能很有用,但此脚本可能会危害您的计算机。是否要运行。\temp.ps1?
[D] 不运行[R]运行一次[S]暂停:
注意:我不想绕过或取消提示。您可以添加一个函数来首先检查文件:
function Test-FileSafety {
# This function simply returns $true when the file is ok or the user decided to
# go ahead and run it even though he/she was warned.
# If the user decided it was too tricky and bailed out, the function returns $false
[CmdletBinding()]
Param(
[Parameter(Mandatory = $true, Position = 0, ValueFromPipeline = $true)]
[ValidateScript({Test-Path $_ -PathType Leaf})]
[Alias ('Path')]
[string]$FileName
)
Add-Type -AssemblyName System.Windows.Forms
$letsGo = $true
# first test if the file was downloaded from internet (and was not already unblocked)
if (Get-Item $FileName -Stream zone*) {
$message = "Run only scripts that you trust.`r`n"
$message += "While scripts from the Internet can be useful this script can potentially harm your computer.`r`n`r`n"
$message += "Do you want to allow '$FileName' ?"
$result = [System.Windows.Forms.MessageBox]::Show($message, "Security Warning", 3)
# evaluate the users response and act upon it
switch ($result) {
Yes { <# user wants to run #> Unblock-File -Path $FileName ; break }
No { <# user decided not to run the script #> ; $letsGo = $false; break }
Cancel { <# user bailed out #> ; $letsGo = $false; break }
}
}
# next test if the file is digitally signed or not
if ($letsGo -and (Get-AuthenticodeSignature -FilePath $FileName).Status -eq 'NotSigned') {
$message = "Run only scripts that you trust.`r`n"
$message += "The script is not digitally signed.`r`n`r`n"
$message += "Do you still want to run '$FileName' ?"
$result = [System.Windows.Forms.MessageBox]::Show($message, "Security Warning", 3)
# evaluate the users response and act upon it
switch ($result) {
Yes { <# user wants to run even though the script is not digitally signed #> ; break}
No { <# user decided it was too dangerous and does not want to run the script #> ; $letsGo = $false; break}
Cancel { <# user bailed out #> ; $letsGo = $false; break}
}
}
return $letsGo
}
您可以尝试以管理员身份在powershell中运行以下命令 修复方法是运行Set ExecutionPolicy并更改执行策略设置 设置ExecutionPolicy-作用域进程-ExecutionPolicy旁路
“旁路”意味着不会阻止任何内容,也不会显示任何警告、提示或消息。执行策略的选项有限,请参阅。您无法生成自定义策略,因此必须选择最适合您的选项。请注意,拥有数字签名并不能保证脚本安全。“我想选择是否运行从Internet下载的此脚本”与“我想选择运行此未签名脚本”不同。下载的脚本可以签名,本地创建的脚本可以不签名。检测文件是否被下载是可能的,但是,正如James提到的,它与执行策略是分开的。感谢您的反馈,1)我看过一些关于脚本未签名时PowerShell提示的帖子:2)目前我已经创建了一个脚本,该脚本在其他机器上生成了上述错误。+1作为答案和您的努力Theo。如果我从客户的角度来看,我只是想向客户建议一些配置,而不是提供Powershell脚本。(…但这也是我的观点…)你的方法似乎也很完美。
if ((Test-FileSafety -FileName "C:\temp\anz.ps1")) {
# run the script
}
else {
# do nothing, the user cancelled
}