http://blogs.msdn.com/b/powershell/archive/2010/02/12/building-on-powershell-execution-policies.aspxOne question we sometimes get asked is why Exchange changes PowerShell’s execution policy from “Restricted” to “RemoteSigned.” Doesn’t that lower PowerShell’s security? The "Restricted" execution policy isn't intended to be something that PowerShellen-USTelligent Evolution Platform Developer Build (Build: 5.6.50428.7875)http://blogs.msdn.com/b/powershell/archive/2010/02/12/building-on-powershell-execution-policies.aspx#10017181Sat, 29 May 2010 00:06:59 GMT91d46819-8472-40ad-a661-2c78acb4018c:10017181David Noble<p>I may be missing something, but it does not appear to me that execution policies work very well with Windows Server 2008 R2 DFS domain shares. Perhaps you know. Why does PowerShell prevent me from running unsigned scripts and loading unsigned configuration files from \\domain\share after I </p> <p> &nbsp; &nbsp;set-executionpolicy remotesigned</p> <p> &nbsp; &nbsp;set-location c:\windows\microsoft.net\framework\v2.0.50727</p> <p> &nbsp; &nbsp;.\caspol.exe -pp off -m -ag 1 -url file://domain/share/* FullTrust -Exclusive on</p> <p>What&#39;s the caspol magic required to enable running unsigned scripts and loading unsigned configuration files from a DFS domain share?</p> <div style="clear:both;"></div><img src="http://blogs.msdn.com/aggbug.aspx?PostID=10017181" width="1" height="1">http://blogs.msdn.com/b/powershell/archive/2010/02/12/building-on-powershell-execution-policies.aspx#9968012Tue, 23 Feb 2010 14:42:02 GMT91d46819-8472-40ad-a661-2c78acb4018c:9968012Martin Zugec<p>Hi Lee,</p> <p>first let me tell you that I really like idea of execution policies and I understand how import it is. What I don't like however is that fact how they are implemented.</p> <p>What drives me crazy is following message:</p> <p>&quot;Security Warning</p> <p>Run only scripts that you trust. While scripts from the Internet can be useful, this script</p> <p> can potentially harm your computer.&quot;</p> <p>It is extremely hard to identify sometimes why the script doesn't want to run. Consider following example:</p> <p>PS C:\&gt; 'write-host &quot;Hello world!&quot;' &gt; c:\temp\test.ps1</p> <p>PS C:\&gt; C:\temp\test.ps1</p> <p>Hello world!</p> <p>PS C:\&gt; . \\127.0.0.1\c$\temp\test.ps1</p> <p>Security Warning</p> <p>Run only scripts that you trust. While scripts from the Internet can be useful, this script can potentially harm your</p> <p>computer. Do you want to run \\127.0.0.1\c$\temp\test.ps1?</p> <p>[D] Do not run &nbsp;[R] Run once &nbsp;[S] Suspend &nbsp;[?] Help (default is &quot;D&quot;):</p> <p>At few different customers, I had to fiddle not just with Trusted sites, but also with some registry\GPO settings, environment variables (zone mask) etc etc...</p> <p>In case you use Powershell to write just few functions, it's fine. In case you try to implement it as enterprise standart with hundreds or thousands of scripts, it can become very painful :( Only quick solution in this case is to use Bypass execution policy, which is of course something no one wants to do</p> <p>Martin</p><div style="clear:both;"></div><img src="http://blogs.msdn.com/aggbug.aspx?PostID=9968012" width="1" height="1">http://blogs.msdn.com/b/powershell/archive/2010/02/12/building-on-powershell-execution-policies.aspx#9963042Sat, 13 Feb 2010 08:35:59 GMT91d46819-8472-40ad-a661-2c78acb4018c:9963042Joe<p>&quot;Would you like to update the execution policy to allow these scripts to run?&quot;</p> <p>To me this sentenece is absolutly misleading. Of course do I want these scripts to run. But it's most probably not everyones expectation that after clicking &quot;yes&quot; several - possibly thousands - of other scripts are then also alowed to run.</p><div style="clear:both;"></div><img src="http://blogs.msdn.com/aggbug.aspx?PostID=9963042" width="1" height="1">