[英]PowerShell.exe -ExecutionPolicy Bypass - Header in Script
I am attempting to easily ByPass
PowerShells ExecutionPolicy
.我试图轻松ByPass
PowerShells ExecutionPolicy
。 I realize one easy fix was to create runme.ps1
and script.ps1
and in runme.ps1
I can Bypass
the ExecutionPolicy
and call script.ps1
.我意识到一个简单的解决方法是创建runme.ps1
和script.ps1
并且在runme.ps1
我可以Bypass
ExecutionPolicy
并调用script.ps1
。 Is there some way to put this in a "header" of a script and have it call itself while Bypass
ing the ExecutionPolicy
?有没有办法将它放在脚本的“标题”中并让它在Bypass
ExecutionPolicy
时调用自己?
runme.ps1:运行me.ps1:
PowerShell.exe -ExecutionPolicy Bypass -File "C:\tmp\script.ps1"
script.ps1:脚本.ps1:
Write-Host "Hello World"
PAUSE
I'm currently working on some sort if "flag" or "tmpfile" logic and having the script call itself, but I wondered if there was a known/better way or even a possible way to have this be a header in all my scripts so end users can just "run w/ powershell" without prompts.我目前正在研究某种“标志”或“tmpfile”逻辑并让脚本自行调用,但我想知道是否有一种已知/更好的方法甚至可能的方法在我的所有脚本中让它成为 header因此最终用户可以在没有提示的情况下“运行 w/powershell”。
Addendum's to answer's with elaborations on ExecutionPolicy
are welcome, but let's focus on the question.欢迎补充对ExecutionPolicy
的详细说明,但让我们专注于这个问题。
Discussions on ExecutionPolicy
should be focused on the "Security Stack Exchange" and the relevant post is linked here:关于ExecutionPolicy
的讨论应该集中在“Security Stack Exchange”上,相关帖子链接在这里:
https://security.stackexchange.com/questions/118553/whats-the-purpose-of-executionpolicy-settings-in-powershell-if-the-bypass https://security.stackexchange.com/questions/118553/whats-the- purpose-of-executionpolicy-settings-in-powershell-if-the-bypass
https://blog.netspi.com/15-ways-to-bypass-the-powershell-execution-policy/ : https://blog.netspi.com/15-ways-to-bypass-the-powershell-execution-policy/ :
However, it's important to understand that the setting was never meant to be a security control.但是,重要的是要了解该设置从来都不是安全控制。 Instead, it was intended to prevent administrators from shooting themselves in the foot.相反,它旨在防止管理员在脚下开枪。
You can create a some kind of trusted launcher (cmd file, or exe file), that will run powershell with --ExecutionPolicy ByPass
flag.您可以创建某种受信任的启动器(cmd 文件或 exe 文件),它将使用--ExecutionPolicy ByPass
标志运行 powershell。 Or Even you can change behaviour of double-click
action to run PowerShell with ByPass policy flag always.或者,您甚至可以更改double-click
操作的行为,以始终使用 ByPass 策略标志运行 PowerShell。
However, settings on computer can be hardened by system administrator in MachinePolicy\ExecutionPolicy
or UserPolicy\ExecutionPolicy
and you will not be able to override it in normal way.但是,系统管理员可以在MachinePolicy\ExecutionPolicy
或UserPolicy\ExecutionPolicy
中强化计算机上的设置,您将无法以正常方式覆盖它。
ExecutionPloicy is configured at 4+1 levels, with priority from High to Low: ExecutionPloicy 配置为 4+1 级别,优先级从高到低:
> Get-ExecutionPolicy -List
MachinePolicy (Group Policy)
UserPolicy (Group Policy)
Process (Configured using powershell -ExecutionPolicy flag for new process only)
CurrentUser (User settings)
LocalMachine (Computer settings)
When you run PowerShell with ByPass flag, you actually set Process
-level ExecutionPolicy that overrides CurrentUser
and LocalMachine
setings, but can be hardened at UserPolicy
or MachinePolicy
level managed by local or domain Group Policies.当您使用 ByPass 标志运行 PowerShell 时,您实际上设置了覆盖CurrentUser
和LocalMachine
设置的Process
级别的 ExecutionPolicy,但可以在由本地或域组策略管理的UserPolicy
或MachinePolicy
级别进行强化。
Better way is to comfigure user policies using group policy to allow run only AllSigned
or RemoteSigned
scripts, generate a certificate New-SelfSignedCertificate -Type CodeSigning
for 100 years, deploy it using GPO as Trusted Publisher
per computer and sign using Set-AuthenticodeSignature
every script you deploy to users.更好的方法是使用组策略配置用户策略以允许仅运行AllSigned
或RemoteSigned
脚本,生成证书New-SelfSignedCertificate -Type CodeSigning
100 年,使用 GPO 作为每台计算机的Trusted Publisher
者部署它,并使用Set-AuthenticodeSignature
签名您的每个脚本部署给用户。
TLDR; TLDR;
PowerShell.exe -ExecutionPolicy Bypass -File "C:\circumvent\industry\standard.ps1" 2>&1>$null
I wanted to share scripts and be able to say "right click and run w/ powershell" which is already worse then batch scripts where I say "double click the file" (people always get that one.).我想分享脚本并能够说“右键单击并运行 w/powershell”,这已经比我说“双击文件”的批处理脚本更糟糕(人们总是得到那个。)。
The solution came to me because I had a PAUSE
in my main script to read console output and I noticed that after my main script called script.ps1
that I received an additional PAUSE
prompt from the "main/parent" script.解决方案来找我是因为我的主脚本中有一个PAUSE
来读取控制台 output,我注意到在我的主脚本调用script.ps1
之后,我收到了来自“主/父”脚本的额外PAUSE
提示。 Which made me realize, that the parent script was able to continue after calling child script.这让我意识到,调用子脚本后父脚本能够继续。 Ergo, call nonexistent script and pipe output to null!
因此, call nonexistent script and pipe output to null!
& continue on merrily. &继续快乐。
Example Scenario:示例场景:
The following script wouldn't run via "right-click, Run w/ PowerShell" after a fresh reboot and I got the standard "Execution Policy Prompt":重新启动后,以下脚本不会通过“右键单击,使用 PowerShell 运行”运行,我得到了标准的“执行策略提示”:
script.ps1脚本.ps1
Write-Host "Calling Scripts? No Problem!"
PAUSE
The following worked after a fresh reboot:重新启动后以下工作:
PowerShell.exe -ExecutionPolicy Bypass -File "C:\circumvent\industry\standard.ps1" 2>&1>$null
ECHO "This Script Won't Run Without Line 1"
ECHO "I had fun to try to circumvent an industry standard"
ECHO "I Learned a lot about PowerShell ExecutionPolicy"
C:\tmp\script.ps1
PAUSE
Result:结果:
This Script Won't Run Without Line 1
I had fun to try to circumvent an industry standard
I Learned a lot about PowerShell ExecutionPolicy
Calling Scripts? No Problem!
Press Enter to continue...:
Update based on @BACON's comment, this is truly only possible with "run w/ powershell" via the "context menu".根据@BACON 的评论进行更新,这确实只有通过“上下文菜单”通过“使用 powershell 运行”才能实现。 I tried setting "powershell" as the default app for .ps1
and not only did it not work, but the context menu removed the "run w/ powershell" option!我尝试将“powershell”设置为.ps1
的默认应用程序,但它不仅不起作用,而且上下文菜单删除了“使用 powershell 运行”选项!
Thankfully, end users will have default settings and/or sysadmins will know how to resolve already.值得庆幸的是,最终用户将拥有默认设置和/或系统管理员将知道如何解决。
Something I didn't test originally, but wanted to know how "circumventy" this solution really was is try using just PowerShell.exe -ExecutionPolicy Bypass
in the header.我最初没有测试的东西,但想知道这个解决方案的真正“规避”是尝试在 header 中仅使用PowerShell.exe -ExecutionPolicy Bypass
。 This resulted in the script not running, therefor it must be assigned a -File
but has no effect if File doesn't exist and allows script to continue executing.这导致脚本无法运行,因此必须为其分配一个-File
但如果 File 不存在并允许脚本继续执行则无效。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.