Friday, March 31, 2017

A Safer Way Of Running Unsigned Powershell Scripts

There is no doubt that as a company you should have setup a way of signing all the PowerShell script you are intending to run in your production environment.
But as we all known there will be situation where you want to run unsigned code, or maybe you are testing things out before you are ready to sign them.


No matter the reason why, but if you do need to run scripts in unrestricted or another scope mode you should try to keep it as secure as possible. Examples for how to think security could be:
  • Do not make the change permanent
  •  Limit the timeframe and scope of the changed setting
There are different ways of doing this, Two of the methods I use are based on running just the current process in unrestricted mode.
This can be easily done by adding a “-Scope” to the command.

In PowerShell:

When you have started PowerShell and need to change the execution mode you can use the following line:
Set-ExecutionPolicy unrestricted -scope process; ./Favorit_Tool_v2.1.ps1 
(use full path if you’re not in the folder with the script)
If you want to start PowerShell with the scope set, you can use:

PowerShell.exe -ExecutionPolicy Unrestricted
In the first scenario only the “Favorit_Tool_v2.1.ps1” are run in unrestricted mode, all following command will be run under default of set mode.
The second scenario the entire session will from now until the session are ended, or the scope are modified again, continue to run with execution policy set to unrestricted.


If you want to verify policy setting just run:
 Get-ExecutionPolicy
A Different way of doing a limitation of the escalation to run as a “one event” process is by starting it from the command prompt.

From CMD:

Running a script from command prompt will ensure that the process is ended when the script is finished.
Powershell Set-ExecutionPolicy unrestricted -scope process; ./Favorit_Tool_v2.1.ps1
(use full path if you’re not in the folder with the script)




Understanding PowerShell execution policies:

To get a better under understanding of PowerShell execution policies you can follow THIS link

Exchange: Find mailboxes without language settings and fix it without messing up the correct once

Had some users that had problem setting up Outlook profile. When they logged on to the web mail interface they where asked about regional se...