PowerShell and Security

PowerShell, like any powerful admin tool, has the potential to do a lot of damage to a system if used incorrectly. You can use PowerShell to remove key files, remove or modify Registry settings, delete certificates, and so on—all of which can be dangerous.

To minimize the risks, the PowerShell team took the following steps:

  1. PowerShell is not installed by default. On Windows Server 2008 it is an optional feature that an administrator must add, so there is no "backdoor" installation that malware authors can rely on being present.

  2. The PowerShell script file extension, .PS1, is associated with Notepad rather than with PowerShell. Double-clicking a script opens it in Notepad for editing instead of executing a script that could be malware.

  3. PowerShell's execution policy is set by default to Restricted. This means you can still run commands interactively, but PowerShell will not run any script file (.PS1). You can change this with the Set-ExecutionPolicy cmdlet to a less restrictive setting such as RemoteSigned, AllSigned, or Unrestricted; changing the machine-wide policy writes to HKLM and so requires an elevated (administrator) prompt.

  4. To stop local admins or users from setting the execution policy to Unrestricted and running malicious scripts, you can set PowerShell's execution policy through Group Policy (the Turn on Script Execution setting under Computer Configuration, Administrative Templates, Windows Components, Windows PowerShell). A policy set this way takes precedence over anything set locally with Set-ExecutionPolicy.
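The following session, added here as an example and not taken from the book, exercises the controls listed above: it shows which execution policy applies and where it came from, checks whether Group Policy is enforcing one, demonstrates what Restricted does to a throwaway script, and confirms the .PS1 file association. It assumes PowerShell 2.0 or later (the -List and -Scope parameters did not exist in 1.0); the script path and its contents are constructed for the example.

```powershell
# Added example (not from the book). Assumes PowerShell 2.0 or later.

# 1. Which scopes define a policy, and which one wins?
#    Precedence, highest first: MachinePolicy, UserPolicy (both from Group Policy),
#    Process, CurrentUser, LocalMachine.
Get-ExecutionPolicy -List
"Effective policy: $(Get-ExecutionPolicy)"

# 2. Is Group Policy enforcing a policy? The 'Turn on Script Execution' setting
#    writes these registry values; while they are present, Set-ExecutionPolicy
#    cannot override them at the LocalMachine or CurrentUser scope.
$gpoPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'
if (Test-Path $gpoPath) {
    Get-ItemProperty -Path $gpoPath | Select-Object EnableScripts, ExecutionPolicy
} else {
    "No machine-level Group Policy execution policy is set."
}

# 3. What Restricted does: write a throwaway script (constructed for this example)
#    and try to run it. Under Restricted the call fails with a terminating error.
$script = Join-Path $env:TEMP 'policy-check.ps1'
Set-Content -Path $script -Value 'Write-Output "script ran"'
try {
    & $script
} catch {
    "Blocked: $($_.Exception.GetType().Name): $($_.Exception.Message)"
}
Remove-Item $script -ErrorAction SilentlyContinue

# 4. Confirm that double-clicking a .ps1 file still opens an editor, not powershell.exe.
cmd /c assoc .ps1
cmd /c ftype Microsoft.PowerShellScript.1

# 5. To relax the policy for the current session only (nothing is written to the
#    registry, so nothing persists past this process):
#    Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force
#    Changing LocalMachine instead writes to HKLM and needs an elevated prompt.
```

Run it once as a standard user and once from an elevated prompt: the Group Policy check and the blocked script behave the same either way, while a LocalMachine Set-ExecutionPolicy succeeds only when elevated.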

This level of security may seem like a lot of hassle for an administrator, but it goes a long way toward preventing self-inflicted damage. Keep in mind what these settings are for: the execution policy guards against running scripts accidentally, not against a determined attacker, who can still paste commands into an interactive session or read a script file into memory. It is a safety feature, not a security boundary.
