stackoom
  简体   繁体   中英

Is it acceptable to programmatically enable Powershell?

 原文  2013-08-30 15:12:58       windows/ powershell/ usb

Question

I've recently discovered that by default, execution of powershell scripts is disabled. I was going to rely on it to safely remove a USB device from Windows, however if it's not enabled by default, I'd have to enable it first. Is it generally acceptable to do such things?

Alternative solutions are also welcome.

This question follows: https://superuser.com/questions/637854/safely-remove-a-usb-drive-using-bat-file/637878

2 answers

solution1
 3  2013-08-30 16:17:39

I would not enable the execution of scripts globally on a machine just because your app wants to use it. That's an IT/Security policy decision, and they shouldn't be forced to accept your decision simply by using your software. If you're calling a PowerShell runspace from within a .NET app, you shouldn't need to worry about the execution policy since you can run your commands without calling to a separate .ps1 script. If you need to call powershell.exe and give it a script file, look at -ExecutionPolicy Bypass . About_Executionpolicies says this about Bypass: 

  - Nothing is blocked and there are no warnings or prompts. 
        - This execution policy is designed for configurations
          in which a Windows PowerShell script is built in to a
          a larger application or for configurations in which
          Windows PowerShell is the foundation for a program
          that has its own security model.

solution2
 2 ACCPTED  2013-08-30 15:25:55

MS used to deliver systems that were 'ready-to-exploit'. They got smarter about it, and take security much more seriously. So they now disable many features by default.

As for PowerShell, the default 'execution policy' by default did not allow scripts to be run. However, on a command line you could bypass the execution policy all together (ie. without changing it) as long you have permissions to do so:

PowerShell -ExecutionPolicy Bypass -file yourfile.ps1

If you are an administrator of the machine, it's perfectly OK to enable it and use it. If you are just an app-owner, you should probably consult with the administrator to change the policy, but as noted above, you may not need to.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Programmatically Enable / Disable Connection Programmatically disable/enable network interface How to enable FSRM quota with PowerShell Disable/Enable powershell with reg key How to enable/disable Windows Features programmatically What is the best way to enable Windows feature programmatically? How to enable/disable Windows startup items programmatically? Enable\Disable Local Group policies with powershell Enable TLS and Disable SSL via PowerShell script To get full path of powershell.exe programmatically
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM