16.4. Summary

Windows PowerShell is designed to be "Secure by Default." The default settings provide protection against executing scripts inadvertently or allowing malicious profile files to execute.

The default execution policy is Restricted. Once you make a decision to open up script execution, you need to be aware of the possible dangers of executing scripts whose source is untrusted or whose content is not understood.

The responsibility for which scripts to run is yours!

You can find the current execution policy using the get-executionpolicy cmdlet. You can modify the current execution policy by using the set-executionpolicy cmdlet. The set-executionpolicy cmdlet supports the following values for the execution policy:

  • Restricted (the default)

  • AllSigned

  • RemoteSigned

  • Unrestricted

To sign a PowerShell script, you need a code-signing certificate. I demonstrated how to sign a script using the makecert.exe utility and the set-authenticodesignature cmdlet. You can use the get-authenticodesignature cmdlet to retrieve signature information from a signed cmdlet.

Get Professional Windows® PowerShell now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.