PowerShell for Hackers #3

Profile & Execution Policy

You can create a PowerShell profile to customize your environment and to add session-specific elements to every PowerShell session that you start. It is similar to the .bashrc file in Linux.

A PowerShell profile is a script that runs when PowerShell starts. You can use the profile as a logon script to customize the environment. You can add commands, aliases, functions, variables, snap-ins, modules, and PowerShell drives. You can also add other session-specific elements to your profile so they are available in every session without having to import or re-create them. Read more here.

But before we can create and run our scripts in PowerShell, we need to learn a little about execution policy. Remember to start PowerShell with Run as Administrator.

PowerShell's execution policy is a safety feature that controls the conditions under which PowerShell loads configuration files and runs scripts. This feature helps prevent the execution of malicious scripts.

There are several PowerShell execution policies. The default policy is Restricted for Windows clients. To read about all of them, get help in PowerShell: help Set-ExecutionPolicy -Detailed

Default

  • Sets the default execution policy.

  • Restricted for Windows clients.

  • RemoteSigned for Windows servers.

RemoteSigned

  • The default execution policy for Windows server computers.

  • Scripts can run.

  • Requires a digital signature from a trusted publisher on scripts and configuration files that are downloaded from the internet, which includes email and instant messaging programs.

  • Doesn't require digital signatures on scripts that are written on the local computer and not downloaded from the internet.

  • Runs scripts that are downloaded from the internet and not signed, if the scripts are unblocked, such as by using the Unblock-File cmdlet.

  • Risks running unsigned scripts from sources other than the internet and signed scripts that could be malicious.

In our case, on a Windows client, we need to set the policy to RemoteSigned so that our scripts can run.

Let's first check the currently set policy in my current profile. It is RemoteSigned, but usually it is Restricted.

The Set-ExecutionPolicy RemoteSigned command changes the currently set policy.
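
The check-and-set steps above, as an added PowerShell example (not code from the original post). It goes a little further than the text by listing the policy per scope and by showing the Zone.Identifier stream that makes RemoteSigned treat a file as downloaded. The Get-ScriptTrustInfo helper and the policy-demo.ps1 file are hypothetical names, and the zone test is a simplification that assumes Windows on NTFS.

```powershell
# Added example, not from the original post. Assumes Windows and an NTFS volume.

# 1. Show the policy at every scope. The effective policy is the first entry
#    in this list that is not Undefined.
Get-ExecutionPolicy -List
"Effective policy: $(Get-ExecutionPolicy)"

# 2. Set RemoteSigned for the current user only. Without -Scope the cmdlet
#    targets LocalMachine, which is why the bare form needs an elevated prompt.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser -Force

# 3. Hypothetical helper: report the two things RemoteSigned looks at for a
#    script, the Zone.Identifier alternate data stream and the signature.
function Get-ScriptTrustInfo {
    param([Parameter(Mandatory)][string]$Path)

    # The stream is absent on files created locally, so suppress that error.
    $text = (Get-Content -LiteralPath $Path -Stream Zone.Identifier `
                 -ErrorAction SilentlyContinue) -join "`n"
    $zoneId = if ($text -match 'ZoneId=(\d+)') { [int]$Matches[1] } else { $null }
    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    [pscustomobject]@{
        Path           = $Path
        ZoneId         = $zoneId
        Signature      = $sig.Status
        # Simplification: zones 3 (Internet) and 4 (Restricted sites) count as
        # downloaded, so RemoteSigned wants a valid signature for them.
        NeedsSignature = ($zoneId -ge 3)
    }
}

# 4. Constructed sample file: written locally, then tagged as downloaded,
#    then unblocked with Unblock-File. Compare the three reports.
$demo = Join-Path $env:TEMP 'policy-demo.ps1'
Set-Content -LiteralPath $demo -Value "'hello from policy-demo'"
Get-ScriptTrustInfo -Path $demo

Set-Content -LiteralPath $demo -Stream Zone.Identifier -Value "[ZoneTransfer]`r`nZoneId=3"
Get-ScriptTrustInfo -Path $demo

Unblock-File -LiteralPath $demo      # removes the Zone.Identifier stream
Get-ScriptTrustInfo -Path $demo

Remove-Item -LiteralPath $demo
```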