Running PowerShell Scripts
What you need to know about PowerShell's “secure by default” philosophy
As you probably know, PowerShell is Microsoft's latest Windows operating system (OS)
shell and scripting tool. A shell is a program that provides a user interface for the OS.
When we're talking about PowerShell, the "shell" part usually refers to its command-line
interface (CLI). A CLI is a basic user interface that lets you enter a command (or a series
of commands) at a prompt. When you press Enter, the shell performs an action, then the
CLI displays the prompt again and waits for another command.
At first, a CLI might not seem as efficient as a graphical user interface (GUI) because you
have to type in commands, making sure of spelling, spacing, quotes, etc. However,
command shells have always supported some form of batch execution, which is also called
scripting. A script is simply a list of commands stored in a text file you can execute on
demand. PowerShell is no exception—although PowerShell is an excellent CLI, it becomes
even more flexible with the use of scripts. A PowerShell script is simply a text file with a
.ps1 extension that contains a list of commands PowerShell should execute.
However, PowerShell's secure by default philosophy prevents all scripts from running, so
double-clicking a PowerShell script from Windows Explorer won't execute it. Also,
PowerShell doesn't execute scripts from the current directory. The good news is that you
don't have to be a PowerShell guru if all you want to do is run PowerShell scripts. Simply
follow these steps:
1) Install Windows PowerShell.
2) Set PowerShell's execution policy.
3) Run your PowerShell scripts, keeping a few important details in mind.
Install Windows PowerShell
If you have Windows 7 or later, you don't need to install PowerShell because it
comes preinstalled with the OS. If you're using Windows Vista or earlier, you need
to download and install PowerShell. Windows XP and Windows Server 2003 also
require the Microsoft .NET Framework 2.0. (The .NET Framework 2.0 SP1 is required
for PowerShell 2.0.) You can find the links to the downloads on the "Scripting with
Windows PowerShell" web page.
Set PowerShell's Execution Policy
As I mentioned previously, PowerShell is secure by default. The first implication of
this philosophy is that PowerShell won't execute scripts until you explicitly give it
permission to do so. PowerShell has four execution policies that govern how it
should execute scripts:
Restricted. PowerShell won't run any scripts. This is PowerShell's default
AllSigned. PowerShell will only run scripts that are signed with a digital
signature. If you run a script signed by a publisher PowerShell hasn't seen
before, PowerShell will ask whether you trust the script's publisher.
RemoteSigned. PowerShell won't run scripts downloaded from the Internet
unless they have a digital signature, but scripts not downloaded from the
Internet will run without prompting. If a script has a digital signature,
PowerShell will prompt you before it runs a script from a publisher it hasn't
Unrestricted. PowerShell ignores digital signatures but will still prompt you
before running a script downloaded from the Internet.
To display the current execution policy, you need to enter the command
at a PowerShell prompt (which will look like PS C:\> assuming the current location is
C:\). To set the execution policy, enter the command
where policy is one of the policy names (e.g., RemoteSigned).
Setting the execution policy requires administrator permissions. In Vista and later,
you must run PowerShell with elevated permissions if you're already an
administrator and User Account Control (UAC) is enabled. To run PowerShell under
elevated permissions in Vista and later, right-click its shortcut and choose Run as
administrator, as Figure 1 shows.
Figure 1: Running PowerShell under
elevated permissions in Vista and later
If you're logged on to XP or Windows 2003 as a standard user, you can right-click
the PowerShell shortcut, choose Run as, and enter administrator account