The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My work

  • My badges

  • Twitter Updates

  • My Flickr Stream

    20140508-Delphi-2007--Project-Options--Cannot-Edit-Application-Title-HelpFile-Icon-Theming

    20140430-Fiddler-Filter-Actions-Button-Run-Filterset-now

    20140424-Windows-7-free-disk-space

    More Photos
  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,315 other followers

Enabling powershell to run unsigned scripts for the current user only (via: Absoblogginlutely!)

Posted by Jeroen Pluimers on 2012/03/21

More than a year ago, I wrote about enabling PowerShell to run unsigned scripts, and a way to circumvent the “cannot be loaded because the execution of scripts is disabled on this system” error.

The solution  there uses the Set-ExecutionPolicy cmdlet, but only works for administrators. As of PowerShell 2.0, there is more fine grained control for the Set-ExecutionPolicy cmdlet, and an updated Set-ExecutionPolicy cmdlet topic which I overlooked.

The solution below shows what happens when the current user is not an administrator, and works around it by applying it only for the current user.

error message:

Set-ExecutionPolicy : Access to the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell' is denied.

Sure enough I don’t have permission to this registry key.

I checked with our admin to ensure this wasn’t set in group policy before I started fiddling around. Found out that there is another setting that is user specific that can be set with

Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy RemoteSigned

This will allow the current user to run unsigned scripts he wrote himself, but still require remote (for instance downloaded) scripts to be signed.

Note it is easy to strip the “remote” flag of a downloaded script: NTFS keeps this flag in the Zone:Identifier NTFS alternate data stream.
Only do that for scripts you trust.

–jeroen

via: Absoblogginlutely! » Enabling powershell to run scripts with registry permissions..

4 Responses to “Enabling powershell to run unsigned scripts for the current user only (via: Absoblogginlutely!)”

  1. […] Enabling powershell to run unsigned scripts for the current user only (via: Absoblogginlutely!). […]

  2. [...] took me a while to google an answer to this, but what helped me was this great post by Jeroen W. [...]

  3. Great! This also happens to be the way to get Powershell scripts to run on a Windows RT device like my ARM based Surface :)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
Follow

Get every new post delivered to your Inbox.

Join 1,315 other followers

%d bloggers like this: