[英]Alternatives to fix PowerShell error “execution of scripts is disabled on this system”
I have a PowerShell script which is written by me. 我有一个由我编写的PowerShell脚本。 I try to run the PowerShell script as below;
我尝试运行PowerShell脚本,如下所示;
PS C:\Documents and Settings\Administrator>c:\test\Test.ps1
So this is giving me an error saying: 所以这给了我一个错误说:
File c:\\test\\Test.ps1 cannot be loaded because the execution of scripts is disabled on this system.
无法加载文件c:\\ test \\ Test.ps1,因为在此系统上禁用了脚本的执行。 Please see "get-help about_signing" for more details.
有关详细信息,请参阅“get-help about_signing”。
I found that setting Set-ExecutionPolicy Unrestricted
will fix the error. 我发现设置
Set-ExecutionPolicy Unrestricted
将修复错误。
But my questions are; 但我的问题是;
Set-ExecutionPolicy Unrestricted
(doing a signing kind of a thing)? Set-ExecutionPolicy Unrestricted
(做签名类的东西)的情况下修复此错误吗? If so, how to do that? Set-ExecutionPolicy Unrestricted
in my web server? Set-ExecutionPolicy Unrestricted
,是否会出现安全问题? Set-ExecutionPolicy
causes a system wide change. Set-ExecutionPolicy
导致系统范围的更改。 Scripts are possible security vulnerabilities, which is why all script execution is disabled by default. 脚本是可能的安全漏洞,这就是默认情况下禁用所有脚本执行的原因。 One possibility is to launch the PowerShell process from the command line with an execution policy that is only in effect for that specific session.
一种可能性是从命令行启动PowerShell进程,其执行策略仅对该特定会话有效。 The command line would be something like:
命令行将类似于:
> powershell.exe -ExecutionPolicy Unrestricted -File "c:\test\Test.ps1"
You could combine this with signing by leaving the default policy to Restricted and launching PowerShell with RemoteSigned or AllSigned policy when needed. 您可以将此与签名结合使用,将默认策略保留为Restricted,并在需要时使用RemoteSigned或AllSigned策略启动PowerShell。 Some additional information on the powershell.exe command line options is here .
有关powershell.exe命令行选项的一些其他信息,请参见此处 。
If you did what the instructions told you to do you would have gotten a help page that would have told you exactly what you need to do. 如果你按照说明告诉你的那样做了,你会得到一个帮助页面,它会告诉你你需要做什么。
get-help about_signing
In summary, the computer has no way to tell that whoever wrote the script was a trustworthy person, so by default it does not run any untrustworthy scripts. 总之,计算机无法判断编写脚本的人是否值得信赖,因此默认情况下它不会运行任何不值得信任的脚本。 The two ways to fix this is either allow scripts from unknown sources (the solution you found out about by using
Set-ExecutionPolicy Unrestricted
) or by " signing " the script proving it came from a trustworthy source and has not been tampered with seance you got it from that source. 修复此问题的两种方法是允许来自未知来源的脚本(您通过使用
Set-ExecutionPolicy Unrestricted
发现的解决方案)或“ 签署 ”脚本,证明它来自可信赖的来源并且未被篡改您获得的集合来自那个来源。
To sign your own code you will need a code signing certificate. 要签署自己的代码,您需要一个代码签名证书。 Read that
about_signing
help and there is a section called CREATE A SELF-SIGNED CERTIFICATE
that tells you how to do it. 阅读
about_signing
帮助,有一个名为CREATE A SELF-SIGNED CERTIFICATE
,告诉你如何做到这一点。
After you have the certificate you need to sign your script. 获得证书后,您需要签署脚本。 If you check that same help again there is a section called
SIGN A SCRIPT
that tells you how to do that too. 如果再次检查相同的帮助,则会出现一个名为
SIGN A SCRIPT
的部分,告诉您如何执行此操作。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.