PowerShell.exe -ExecutionPolicy 绕过 - 脚本中的 Header

Question

I am attempting to easily ByPass PowerShells ExecutionPolicy . I realize one easy fix was to create runme.ps1 and script.ps1 and in runme.ps1 I can Bypass the ExecutionPolicy and call script.ps1 . Is there some way to put this in a "header" of a script and have it call itself while Bypass ing the ExecutionPolicy ?

runme.ps1:

PowerShell.exe -ExecutionPolicy Bypass -File "C:\tmp\script.ps1"

script.ps1:

Write-Host "Hello World"
PAUSE

I'm currently working on some sort if "flag" or "tmpfile" logic and having the script call itself, but I wondered if there was a known/better way or even a possible way to have this be a header in all my scripts so end users can just "run w/ powershell" without prompts.

Addendum's to answer's with elaborations on ExecutionPolicy are welcome, but let's focus on the question.

Discussions on ExecutionPolicy should be focused on the "Security Stack Exchange" and the relevant post is linked here:

https://security.stackexchange.com/questions/118553/whats-the-purpose-of-executionpolicy-settings-in-powershell-if-the-bypass

https://blog.netspi.com/15-ways-to-bypass-the-powershell-execution-policy/ :

However, it's important to understand that the setting was never meant to be a security control. Instead, it was intended to prevent administrators from shooting themselves in the foot.

Answer 1

You can create a some kind of trusted launcher (cmd file, or exe file), that will run powershell with --ExecutionPolicy ByPass flag. Or Even you can change behaviour of double-click action to run PowerShell with ByPass policy flag always.

However, settings on computer can be hardened by system administrator in MachinePolicy\ExecutionPolicy or UserPolicy\ExecutionPolicy and you will not be able to override it in normal way.

ExecutionPloicy is configured at 4+1 levels, with priority from High to Low:

> Get-ExecutionPolicy -List

MachinePolicy (Group Policy)
   UserPolicy (Group Policy)
      Process (Configured using powershell -ExecutionPolicy flag for new process only)
  CurrentUser (User settings)
 LocalMachine (Computer settings)

When you run PowerShell with ByPass flag, you actually set Process -level ExecutionPolicy that overrides CurrentUser and LocalMachine setings, but can be hardened at UserPolicy or MachinePolicy level managed by local or domain Group Policies.

---

Better way is to comfigure user policies using group policy to allow run only AllSigned or RemoteSigned scripts, generate a certificate New-SelfSignedCertificate -Type CodeSigning for 100 years, deploy it using GPO as Trusted Publisher per computer and sign using Set-AuthenticodeSignature every script you deploy to users.

Answer 2

TLDR;

PowerShell.exe -ExecutionPolicy Bypass -File "C:\circumvent\industry\standard.ps1" 2>&1>$null

I wanted to share scripts and be able to say "right click and run w/ powershell" which is already worse then batch scripts where I say "double click the file" (people always get that one.).

The solution came to me because I had a PAUSE in my main script to read console output and I noticed that after my main script called script.ps1 that I received an additional PAUSE prompt from the "main/parent" script. Which made me realize, that the parent script was able to continue after calling child script. Ergo, call nonexistent script and pipe output to null! & continue on merrily.

Example Scenario:

The following script wouldn't run via "right-click, Run w/ PowerShell" after a fresh reboot and I got the standard "Execution Policy Prompt":

script.ps1

Write-Host "Calling Scripts? No Problem!"
PAUSE

The following worked after a fresh reboot:

PowerShell.exe -ExecutionPolicy Bypass -File "C:\circumvent\industry\standard.ps1" 2>&1>$null
ECHO "This Script Won't Run Without Line 1" 
ECHO "I had fun to try to circumvent an industry standard" 
ECHO "I Learned a lot about PowerShell ExecutionPolicy"
C:\tmp\script.ps1
PAUSE

Result:

This Script Won't Run Without Line 1
I had fun to try to circumvent an industry standard
I Learned a lot about PowerShell ExecutionPolicy
Calling Scripts? No Problem!
Press Enter to continue...:

Update based on @BACON's comment, this is truly only possible with "run w/ powershell" via the "context menu". I tried setting "powershell" as the default app for .ps1 and not only did it not work, but the context menu removed the "run w/ powershell" option!

Thankfully, end users will have default settings and/or sysadmins will know how to resolve already.

Something I didn't test originally, but wanted to know how "circumventy" this solution really was is try using just PowerShell.exe -ExecutionPolicy Bypass in the header. This resulted in the script not running, therefor it must be assigned a -File but has no effect if File doesn't exist and allows script to continue executing.