如何使PowerShell提示未签名的脚本

我的环境中的执行策略是

AllSigned

：

PS E:\Temp> Get-ExecutionPolicy AllSigned PS E:\Temp>Get ExecutionPolicy 全部签名 当我尝试执行不受信任的脚本时，它会抛出错误：

& : File C:\temp\anz.ps1 cannot be loaded. The file C:\temp\any.ps1 is not digitally signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy, see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170. At line:1 char:3 + & .\any.ps1 + ~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : SecurityError: (:) [], PSSecurityException + FullyQualifiedErrorId : UnauthorizedAccess &：无法加载文件C:\temp\anz.ps1。文件C:\temp\any.ps1不可用 数字签名。 无法在当前系统上运行此脚本。有关 运行脚本和设置执行策略，请参阅 http://go.microsoft.com/fwlink/?LinkID=135170. 第1行字符数：3 +&.\any.ps1 + ~~~~~~~~~~~~~~~~~~~~~~~~~ +CategoryInfo:SecurityError:（：）[]，PSSecurityException +FullyQualifiedErrorId:未经授权的访问 如何使PowerShell提示我是否要执行脚本

比如：

安全警告
只运行您信任的脚本。虽然来自Internet的脚本可能很有用，但此脚本可能会危害您的计算机。是否要运行。\temp.ps1？
[D] 不运行[R]运行一次[S]暂停：

---

注意：我不想绕过或取消提示。

您可以添加一个函数来首先检查文件：

function Test-FileSafety {
    # This function simply returns $true when the file is ok or the user decided to
    # go ahead and run it even though he/she was warned.
    # If the user decided it was too tricky and bailed out, the function returns $false
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory = $true, Position = 0, ValueFromPipeline = $true)]
        [ValidateScript({Test-Path $_ -PathType Leaf})] 
        [Alias ('Path')]
        [string]$FileName
    )

    Add-Type -AssemblyName System.Windows.Forms
    $letsGo = $true

    # first test if the file was downloaded from internet (and was not already unblocked)
    if (Get-Item $FileName -Stream zone*) {
        $message  = "Run only scripts that you trust.`r`n"
        $message += "While scripts from the Internet can be useful this script can potentially harm your computer.`r`n`r`n"
        $message += "Do you want to allow '$FileName' ?"

        $result = [System.Windows.Forms.MessageBox]::Show($message, "Security Warning", 3)
        # evaluate the users response and act upon it
        switch ($result) {
            Yes    { <# user wants to run #> Unblock-File -Path $FileName ; break }
            No     { <# user decided not to run the script #> ; $letsGo = $false; break }
            Cancel { <# user bailed out #> ; $letsGo = $false; break }
        }
    }

    # next test if the file is digitally signed or not
    if ($letsGo -and (Get-AuthenticodeSignature -FilePath $FileName).Status -eq 'NotSigned') {
        $message  = "Run only scripts that you trust.`r`n"
        $message += "The script is not digitally signed.`r`n`r`n"
        $message += "Do you still want to run '$FileName' ?"

        $result = [System.Windows.Forms.MessageBox]::Show($message, "Security Warning", 3)
        # evaluate the users response and act upon it
        switch ($result) {
            Yes    { <# user wants to run even though the script is not digitally signed #> ; break}
            No     { <# user decided it was too dangerous and does not want to run the script #> ; $letsGo = $false; break}
            Cancel { <# user bailed out #> ; $letsGo = $false; break}
        }
    }

    return $letsGo
}

---

您可以尝试以管理员身份在powershell中运行以下命令

修复方法是运行Set ExecutionPolicy并更改执行策略设置

设置ExecutionPolicy-作用域进程-ExecutionPolicy旁路

---

“旁路”意味着不会阻止任何内容，也不会显示任何警告、提示或消息。

执行策略的选项有限，请参阅。您无法生成自定义策略，因此必须选择最适合您的选项。请注意，拥有数字签名并不能保证脚本安全。“我想选择是否运行从Internet下载的此脚本”与“我想选择运行此未签名脚本”不同。下载的脚本可以签名，本地创建的脚本可以不签名。检测文件是否被下载是可能的，但是，正如James提到的，它与执行策略是分开的。感谢您的反馈，1）我看过一些关于脚本未签名时PowerShell提示的帖子：2）目前我已经创建了一个脚本，该脚本在其他机器上生成了上述错误。+1作为答案和您的努力Theo。如果我从客户的角度来看，我只是想向客户建议一些配置，而不是提供Powershell脚本。（…但这也是我的观点…）你的方法似乎也很完美。

if ((Test-FileSafety -FileName "C:\temp\anz.ps1")) {
    # run the script
}
else {
    # do nothing, the user cancelled
}