http://blogs.msdn.com/powershell/archive/2008/09/30/powershell-s-security-guiding-principles.aspxOne of most common issues we face with PowerShell comes from users or ISVs misunderstanding PowerShell’s security guiding principles. At a high-level, it seems to all make sense – execution policies help ensure that you only run scripts that you trusten-USCommunityServer 2.1 SP1 (Build: 61025.2)http://blogs.msdn.com/powershell/archive/2008/09/30/powershell-s-security-guiding-principles.aspx#8970720Wed, 01 Oct 2008 00:11:52 GMT91d46819-8472-40ad-a661-2c78acb4018c:8970720martin.zugec<p>Hi Lee,</p> <p>-ExecutionPolicy Bypass is supported only in v2??</p> <p>This could solve a huge problem we have. Running PS scripts in w2k8 environment is not very easy and there are already people asking if we could just use cmd batches instead (PS from SCCM). I understand that Unrestricted will ask you if you wanted to run downloaded script - however you got the same if you run script from network share in secured environment (UNC paths are automatically considered unsecured) :(</p> <p>Martin</p>http://blogs.msdn.com/powershell/archive/2008/09/30/powershell-s-security-guiding-principles.aspx#8970753Wed, 01 Oct 2008 00:37:28 GMT91d46819-8472-40ad-a661-2c78acb4018c:8970753PowerShellTeam<p>Correct. It is only supported in V2.</p> <p>Some machines are configured to treat UNC paths as the same security zone as the internet (as opposed to the intranet.) This is Internet Explorer's &quot;Enhanced Security Configuration.&quot; In this case, PowerShell responds the same as the Explorer Shell when it runs scripts from a UNC path: “While scripts from the internet can be useful, this script can potentially harm your computer. Do you want to run &lt;script&gt;?” </p> <p>One way to fix this is by adding the source server to Internet Explorer’s Trusted Sites, or changing the “UncAsIntranet” configuration property (<a rel="nofollow" target="_new" href="http://technet.microsoft.com/en-us/library/bb457150.aspx">http://technet.microsoft.com/en-us/library/bb457150.aspx</a>). This is also covered on page 341 of the (my) PowerShell Cookbook. </p> <p>Lee</p> http://blogs.msdn.com/powershell/archive/2008/09/30/powershell-s-security-guiding-principles.aspx#8970852Wed, 01 Oct 2008 02:02:41 GMT91d46819-8472-40ad-a661-2c78acb4018c:8970852Frank-Peter Schultze<p>#</p> <p># Add a 'fileserver' to the trusted sites</p> <p>#</p> <p>$RegPath = &quot;HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\fileserver&quot;</p> <p>$RegValue = &quot;file&quot;</p> <p>$RegType = &quot;DWord&quot;</p> <p>$RegData = 2</p> <p>New-Item -Path $RegPath</p> <p>New-ItemProperty -Path $RegPath -Name $RegValue -PropertyType $RegType -Value $RegData</p> <p>#</p> <p>#</p> <p>#</p>http://blogs.msdn.com/powershell/archive/2008/09/30/powershell-s-security-guiding-principles.aspx#8971627Wed, 01 Oct 2008 17:06:20 GMT91d46819-8472-40ad-a661-2c78acb4018c:8971627Paul<p>New tagline:</p> <p>&quot;Ultimately, if bad code has the ability to run this code, it already has control of the machine.&quot;</p>http://blogs.msdn.com/powershell/archive/2008/09/30/powershell-s-security-guiding-principles.aspx#9484596Tue, 17 Mar 2009 22:49:47 GMT91d46819-8472-40ad-a661-2c78acb4018c:9484596James Kovacs<p>I’ve been having fun writing about my adventures in PowerShell. I would like to thank everyone for their</p> http://blogs.msdn.com/powershell/archive/2008/09/30/powershell-s-security-guiding-principles.aspx#9487026Wed, 18 Mar 2009 17:56:39 GMT91d46819-8472-40ad-a661-2c78acb4018c:9487026Community Blogs<p>I’ve been having fun writing about my adventures in PowerShell. I would like to thank everyone for their</p>