The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

PowerShell: fixing script signing errors even after you had “Set-ExecutionPolicy RemoteSigned”

Posted by jpluimers on 2013/06/27

Every once in a while PowerShell users get an error like this:

PS C:\bin> . .\DownloadedScript.ps1
. : File C:\bin\DownloadedScript.ps1 cannot be loaded.
The file C:\bin\DownloadedScript.ps1 is not digitally signed.
The script will not execute on the system. For more information, see about_Execution_Policies at
At line:1 char:3
+ . .\DownloadedScript.ps1
+ ~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : SecurityError: (:) [], PSSecurityException
+ FullyQualifiedErrorId : UnauthorizedAccess
PS C:\bin>

I recently had it too, but was surprised this happened as I took the steps in my previous blog posts on this topic:

The execution policy was correct:

PS C:\bin> Get-ExecutionPolicy -List

                                  Scope                         ExecutionPolicy
                                  -----                         ---------------
                          MachinePolicy                               Undefined
                             UserPolicy                               Undefined
                                Process                               Undefined
                            CurrentUser                            RemoteSigned
                           LocalMachine                               Undefined

So what gave PowerShell the idea that this was not a local script?

Well: I gave the hint away with the script’s filename: DownloadedScript.ps1.

In fact I downloaded the script from the internet, so it had a “Zone.Identifier” NTFS alternate data stream. I wrote about those before as well, but in a different context: Windows: killing the Zone.Identifier NTFS alternate data stream from a file to prevent security warning popup.

Killing the ADS was easy:

C:\bin>list-Zone.Identifier-$DATA-stream-from-internet-download.bat DownloadedScript.ps1
   :Zone.Identifier:$DATA       26

C:\bin>show-Zone.Identifier-$DATA-stream-from-internet-download.bat DownloadedScript.ps1
C:\bin>more  0<DownloadedScript.ps1:Zone.Identifier

C:\bin>kill-Zone.Identifier-$DATA-stream-from-internet-download.bat DownloadedScript.ps1

Streams v1.56 - Enumerate alternate NTFS data streams
Copyright (C) 1999-2007 Mark Russinovich
Sysinternals -

   Deleted :Zone.Identifier:$DATA

Now the script runs fine (:

PS: a small table of ZoneId values from URLZONE enumeration (Windows), via Code rant: Detecting and Changing a File’s Internet Zone in .NET: Alternate Data Streams:

  • 1000 = URLZONE_USER_MIN,
  • 10000 = URLZONE_USER_MAX
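
The same check can be done with built-in cmdlets before removing the stream. This is an added example, not code from the original post: the function name Get-MarkOfTheWeb and the NeedsSignature property are made up for illustration, and it assumes PowerShell 3.0 or later on an NTFS volume.

```powershell
# Added example: read the mark of the web from a file before deciding to unblock it.
# Needs PowerShell 3.0 or later (the -Stream parameter and Unblock-File).
function Get-MarkOfTheWeb {
    [CmdletBinding()]
    param([Parameter(Mandatory = $true)][string]$Path)

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    $zoneNames = @{ 0 = 'Local machine'; 1 = 'Local intranet'; 2 = 'Trusted sites'
                    3 = 'Internet';      4 = 'Restricted sites' }

    # No object comes back when the file has no Zone.Identifier stream.
    $stream = Get-Item -LiteralPath $file.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue

    # The stream is a small INI file: a [ZoneTransfer] section with key=value lines.
    $fields = @{}
    if ($stream) {
        foreach ($line in Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier) {
            if ($line -match '^\s*([^=\[\s]+)\s*=\s*(.*)$') { $fields[$Matches[1]] = $Matches[2].Trim() }
        }
    }

    # Only accept a numeric ZoneId; anything else is reported as unknown.
    $zoneId = $null
    if ($fields['ZoneId'] -match '^\d+$') { $zoneId = [int]$fields['ZoneId'] }
    $zone = if ($null -eq $zoneId) { 'none' } elseif ($zoneNames.ContainsKey($zoneId)) {
        $zoneNames[$zoneId] } else { "Other ($zoneId)" }

    $sig = Get-AuthenticodeSignature -FilePath $file.FullName

    [pscustomobject]@{
        Path              = $file.FullName
        HasZoneIdentifier = [bool]$stream
        ZoneId            = $zoneId
        Zone              = $zone
        ReferrerUrl       = $fields['ReferrerUrl']   # where the download came from, if recorded
        HostUrl           = $fields['HostUrl']
        SignatureStatus   = $sig.Status
        # Approximation of the RemoteSigned check using only this stream:
        # files marked Internet (3) or Restricted (4) need a valid signature.
        NeedsSignature    = ($zoneId -in 3, 4) -and ($sig.Status -ne 'Valid')
    }
}

Get-MarkOfTheWeb -Path .\DownloadedScript.ps1 | Format-List

# Once the script has been read and its source is trusted, remove the mark:
# Unblock-File -LiteralPath .\DownloadedScript.ps1
```

Unblock-File deletes the Zone.Identifier stream just like the Sysinternals streams call above, so recording ReferrerUrl and HostUrl first keeps the only local trace of where the file came from.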


