In this answer, Sam states that in order to get Windows to trust my PowerShell profile for execution, every time that I open a PowerShell shell, I should be able to and click "Properties." At the bottom of the dialogue box click "Unblock"; when I do so, I don't see any unblock checkbox at all.
I also don't want to just be able to run any old script by setting Set-ExecutionPolicy Unrestricted. I want to just have the functions in my PowerShell profile loaded automatically when I open a PowerShell prompt on select machines on the network.
Instead when I load it I get the following error:
. : File \\redirected.domain.org\Redirected\yy-xxx\My Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1 cannot
be loaded because running scripts is disabled on this system. For more information, see about_Execution_Policies at
http://go.microsoft.com/fwlink/?LinkID=135170.
At line:1 char:3
+ . '\\redirected.domain.org\Redirected\yy-xxx\My Documents\WindowsPowerShell\Microsof ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : SecurityError: (:) [], PSSecurityException
+ FullyQualifiedErrorId : UnauthorizedAccess
It seems to be Microsoft's way of preventing you from knowing that you're using a computer and not some glorified piece of paper.
Is there a way to have my PowerShell profile load up by simply opening PowerShell without opening myself to other vulnerabilities?
Best Answer
I think there are two problems.
You can use:
which tells PowerShell to execute local scripts, but not any non-local scripts.
A non-local script can be one that is stored on the local machine, but had been downloaded from the internet and has a :Zone.Identifier:$DATA 26 in its NTFS alternate data stream. The unblock in the file properties dialog removes that data stream and makes a file 'truly' local. After you've done that you can run it in PowerShell.
But it seems your profile is located on a remote server, so it is never local.
You could either copy the profile file to your local machine and make sure it is unblocked; you can use the Unblock-File cmdlet for that. Or you keep your profile file remote but sign it with a digital signature, but for that you need a code-signing certificate that your workstation trusts.
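The two options from the answer, typed at the prompt, as an added example that is not part of the original answer. It assumes the RemoteSigned policy, a code-signing certificate already installed in Cert:\CurrentUser\My, and that $PROFILE resolves to the profile file named in the error message.

```powershell
# Added example: run these lines at the prompt (script files are still blocked at this point).
$profilePath = $PROFILE   # assumption: resolves to the redirected profile from the error above

# 1. Show the policy per scope; MachinePolicy/UserPolicy (Group Policy) win over the others.
Get-ExecutionPolicy -List

# 2. Allow local and signed scripts for this user only (RemoteSigned is assumed here).
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser

# 3. Option A, local copy: check for the "downloaded" mark and remove it.
$zone = Get-Item -LiteralPath $profilePath -Stream Zone.Identifier -ErrorAction SilentlyContinue
if ($zone) {
    Get-Content -LiteralPath $profilePath -Stream Zone.Identifier   # zone the file was tagged with
    Unblock-File -LiteralPath $profilePath                          # deletes that stream
}

# 4. Option B, remote profile: sign it with a certificate the workstation trusts.
$cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
    Where-Object { $_.NotAfter -gt (Get-Date) } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) { throw 'No unexpired code-signing certificate in Cert:\CurrentUser\My.' }

$signed = Set-AuthenticodeSignature -FilePath $profilePath -Certificate $cert
if ($signed.Status -ne 'Valid') {
    # A status other than Valid here usually means the certificate chain is not trusted.
    throw "Signature not valid: $($signed.Status) $($signed.StatusMessage)"
}

# 5. Verify what PowerShell will check at startup. Any later edit to the profile
#    changes its hash, so re-sign after every change.
$check = Get-AuthenticodeSignature -FilePath $profilePath
'{0}: {1} (signer: {2})' -f $check.Path, $check.Status, $check.SignerCertificate.Subject
```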