Powershell – Ignore ‘Security Warning’ running script from command line

powershellSecurity

I am trying to execute a script from shared folder that I trust:

PowerShell -file "\\server\scripts\my.ps1"

But I get a security warning, and have to press 'R' to continue

Security Warning Run only scripts that
you trust. While scripts from the
Internet can be useful, this script
can potentially harm your computer. Do
you want to run
\server\scripts\my.ps1? [D] Do not
run [R] Run once [S] Suspend [?]
Help (default is "D"): d

Can I ignore this warning? The desired pseudo code I want is:

PowerShell -IGNORE_SECURITY_WARNING -file "\\server\scripts\my.ps1"

Best Answer

This is touched in "PowerShell Execution Policies in Standard Images" on Lee Holmes' Blog and "PowerShell’s Security Guiding Principles" on the Windows Power Shell Blog .

Summary Some machines treat UNC paths as the big bad internet, so PowerShell treats them as remote files. You can either disable this feature on those servers (UncAsIntranet = 0,) or add the remote machines to your trusted hosts.

If you want to do neither, PowerShell v2 supports an -ExecutionPolicy parameter that does exactly what your pseudocode wants. PowerShell -ExecutionPolicy Bypass -File (...).

Related Solutions

Powershell – How to handle command-line arguments in PowerShell

You are reinventing the wheel. Normal PowerShell scripts have parameters starting with -, like script.ps1 -server http://devserver

Then you handle them in param section in the beginning of the file.

You can also assign default values to your params, read them from console if not available or stop script execution:

 param (
    [string]$server = "http://defaultserver",
    [Parameter(Mandatory=$true)][string]$username,
    [string]$password = $( Read-Host "Input password, please" )
 )

Inside the script you can simply

write-output $server

since all parameters become variables available in script scope.

In this example, the $server gets a default value if the script is called without it, script stops if you omit the -username parameter and asks for terminal input if -password is omitted.

Update: You might also want to pass a "flag" (a boolean true/false parameter) to a PowerShell script. For instance, your script may accept a "force" where the script runs in a more careful mode when force is not used.

The keyword for that is [switch] parameter type:

 param (
    [string]$server = "http://defaultserver",
    [string]$password = $( Read-Host "Input password, please" ),
    [switch]$force = $false
 )

Inside the script then you would work with it like this:

if ($force) {
  //deletes a file or does something "bad"
}

Now, when calling the script you'd set the switch/flag parameter like this:

.\yourscript.ps1 -server "http://otherserver" -force

If you explicitly want to state that the flag is not set, there is a special syntax for that

.\yourscript.ps1 -server "http://otherserver" -force:$false

Links to relevant Microsoft documentation (for PowerShell 5.0; tho versions 3.0 and 4.0 are also available at the links):

Security warning when opening file from network share

In Internet Explorer:

Tools menu --> Internet Options --> Security tab
Click Local Intranet icon to select it
Click Sites
Check Automatically detect intranet network
Click Advanced
In the Add this website to the zone: text box type file://computername or IP (in your case file://path).
Click Add
Click Close, OK, and OK again to exit Internet Options.

Alternatively, you may uncheck the Automatically detect intranet network, and check the other three checkboxes. This saves you from having to enter each machine name manually, but allowing all network paths is probably not secure.

Also see http://local.nu/HelpDesk/index.php/Open_File_-_Security_Warning

Best Answer

Related Solutions

Powershell – How to handle command-line arguments in PowerShell

Security warning when opening file from network share

Related Topic