修复PowerShell错误的替代方法“在此系统上禁用脚本的执行”
[英]Alternatives to fix PowerShell error “execution of scripts is disabled on this system”
问题描述
I have a PowerShell script which is written by me. 
我有一个由我编写的PowerShell脚本。 I try to run the PowerShell script as below; 我尝试运行PowerShell脚本,如下所示;
PS C:\Documents and Settings\Administrator>c:\test\Test.ps1
So this is giving me an error saying: 所以这给了我一个错误说:
File c:\\test\\Test.ps1 cannot be loaded because the execution of scripts is disabled on this system.
I found that setting Set-ExecutionPolicy Unrestricted will fix the error. 我发现设置Set-ExecutionPolicy Unrestricted将修复错误。
But my questions are; 但我的问题是;
- What is this signing is about? 签约是关于什么的?
- Can we fix this error without setting
Set-ExecutionPolicy Unrestricted(doing a signing kind of a thing)?我们可以在不设置Set-ExecutionPolicy Unrestricted(做签名类的东西)的情况下修复此错误吗? If so, how to do that?如果是这样,怎么办? - Is there a security issue arise if I set
Set-ExecutionPolicy Unrestrictedin my web server?如果我在Web服务器中设置Set-ExecutionPolicy Unrestricted,是否会出现安全问题?
2 个解决方案
解决方案1
6 已采纳 2013-07-18 04:16:18
Set-ExecutionPolicy causes a system wide change. Set-ExecutionPolicy导致系统范围的更改。 Scripts are possible security vulnerabilities, which is why all script execution is disabled by default. 脚本是可能的安全漏洞,这就是默认情况下禁用所有脚本执行的原因。 One possibility is to launch the PowerShell process from the command line with an execution policy that is only in effect for that specific session. 一种可能性是从命令行启动PowerShell进程,其执行策略仅对该特定会话有效。 The command line would be something like: 命令行将类似于:
> powershell.exe -ExecutionPolicy Unrestricted -File "c:\test\Test.ps1"
You could combine this with signing by leaving the default policy to Restricted and launching PowerShell with RemoteSigned or AllSigned policy when needed. 您可以将此与签名结合使用,将默认策略保留为Restricted,并在需要时使用RemoteSigned或AllSigned策略启动PowerShell。 Some additional information on the powershell.exe command line options is here . 有关powershell.exe命令行选项的一些其他信息,请参见此处 。
解决方案2
3 2013-07-18 03:51:21
If you did what the instructions told you to do you would have gotten a help page that would have told you exactly what you need to do. 如果你按照说明告诉你的那样做了,你会得到一个帮助页面,它会告诉你你需要做什么。
get-help about_signing
In summary, the computer has no way to tell that whoever wrote the script was a trustworthy person, so by default it does not run any untrustworthy scripts. 总之,计算机无法判断编写脚本的人是否值得信赖,因此默认情况下它不会运行任何不值得信任的脚本。 The two ways to fix this is either allow scripts from unknown sources (the solution you found out about by using Set-ExecutionPolicy Unrestricted ) or by " signing " the script proving it came from a trustworthy source and has not been tampered with seance you got it from that source. 修复此问题的两种方法是允许来自未知来源的脚本(您通过使用Set-ExecutionPolicy Unrestricted发现的解决方案)或“ 签署 ”脚本,证明它来自可信赖的来源并且未被篡改您获得的集合来自那个来源。
To sign your own code you will need a code signing certificate. 要签署自己的代码,您需要一个代码签名证书。 Read that about_signing help and there is a section called CREATE A SELF-SIGNED CERTIFICATE that tells you how to do it. 阅读about_signing帮助,有一个名为CREATE A SELF-SIGNED CERTIFICATE ,告诉你如何做到这一点。
After you have the certificate you need to sign your script. 获得证书后,您需要签署脚本。 If you check that same help again there is a section called SIGN A SCRIPT that tells you how to do that too. 如果再次检查相同的帮助,则会出现一个名为SIGN A SCRIPT的部分,告诉您如何执行此操作。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.