I'd like to propose to the IT department at my organization that we enable PowerShell remoting on our production machines to make administering them easier. I feel that unrestricted access would be much easier than dealing with signing:
>Set-ExecutionPolicy Unrestricted
Is this a big no-no for production machines? Would this open up a major security hole, or would it be safely restricted to those who already only have administrative privileges on the machine?
Best Answer
Personally, I would go with RemoteSigned instead of Unrestricted. You can read about the differences here. This is the snippet that matters:
RemoteSigned will still let you run in-house scripts without signing, but items distributed via the Internet have to be signed.
All that being said, do you really need to run the actual scripts on the servers? If you're running management tasks from your workstation that modify a server, you don't need to set any of that. These settings only affect scripts run locally on the machine in question.
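To see what RemoteSigned would change on a given server before switching to it, the following audit is an added example, not part of the original question or answer. It lists the policy at each scope and flags scripts that carry an Internet-zone mark and lack a valid signature; the folder `C:\Scripts` and the function name `Get-RemoteSignedBlockedScript` are assumptions made for illustration.

```powershell
# Added example (not from the original post). C:\Scripts is a hypothetical folder.
param([string]$ScriptRoot = 'C:\Scripts')

# 1. Policy configured at every scope. The list is in precedence order, so the
#    first entry that is not Undefined is the effective policy.
Get-ExecutionPolicy -List | Format-Table Scope, ExecutionPolicy

# 2. Approximate the RemoteSigned decision for each script under a folder:
#    a file marked as coming from the Internet (ZoneId 3) or Restricted Sites
#    (ZoneId 4) zone must carry a valid Authenticode signature.
function Get-RemoteSignedBlockedScript {
    param([Parameter(Mandatory)][string]$Path)

    Get-ChildItem -Path $Path -Filter *.ps1 -Recurse -File | ForEach-Object {
        # The zone mark lives in the NTFS alternate data stream Zone.Identifier.
        $zone = Get-Content -LiteralPath $_.FullName -Stream Zone.Identifier `
                    -ErrorAction SilentlyContinue
        $zoneId = if (($zone -join "`n") -match 'ZoneId=(\d)') { [int]$Matches[1] }
                  else { $null }   # no stream: treated as a local file

        $sig = Get-AuthenticodeSignature -FilePath $_.FullName

        [pscustomobject]@{
            Script                = $_.FullName
            ZoneId                = $zoneId
            Signature             = $sig.Status
            BlockedByRemoteSigned = ($zoneId -ge 3) -and ($sig.Status -ne 'Valid')
        }
    }
}

if (Test-Path -LiteralPath $ScriptRoot) {
    Get-RemoteSignedBlockedScript -Path $ScriptRoot |
        Sort-Object BlockedByRemoteSigned -Descending |
        Format-Table -AutoSize
}

# 3. Once the report looks right, apply the policy machine-wide (elevated prompt):
# Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope LocalMachine
```

The check is an approximation: PowerShell also requires the signing certificate to chain to a trusted publisher, and in-house scripts with no zone mark run unsigned under RemoteSigned.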