PowerShell Execution Policy: Unblock Files | Security Zones

PowerShell’s execution policy is a safety feature that controls the conditions under which PowerShell loads configuration files and runs scripts. This feature helps prevent the execution of malicious scripts.

https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_execution_policies?view=powershell-7.2

Well, this is the official description of the execution policy. The policy is set to RemoteSigned on Windows Server operating systems and to Restricted on Windows client operating systems. In this blog post I want to show an example of how to find out the security zone of a file and, if needed, unblock this file.

Downloading Files from the Internet

Let’s start downloading a file from the internet.

The execution policy on my system is set to RemoteSigned. That means that all scripts that were downloaded from the internet must be signed with a certificate from a trusted publisher. In my case, the publisher is not trusted.

Let’s do the check. I try to run this script.

This is what we expected. We are not able to run the script.

The file C:\Users\PatrickGruenauersid-\Downloads\if_elseif.ps1 is not digitally signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy, see about_Execution_Policies at https://go.microsoft.com/fwlink/?LinkID=135170.

Collecting information about this file

Now let’s take a deeper look at this downloaded file.

Get-Content C:\Users\PatrickGruenauersid-\Downloads\if_elseif.ps1 -Stream Zone.Identifier

This file refers to ZoneId=3. What is ZoneId 3?

[enum]::GetValues([System.Security.SecurityZone]) + [enum]::GetValues([System.Security.SecurityZone]).value__

ZoneId 3 is the Internet zone. Remember we start at 0. 😉

What’s next? We could change the execution policy or unblock the file.

Unblock-File

Fortunately, there is a cmdlet to unblock files.

Unblock-File C:\Users\PatrickGruenauersid-\Downloads\if_elseif.ps1 -Verbose

Nice one. Now we are able to run the file.

Unblock multiple Files

Last but not least, I want to show you a piece of code that performs bulk operations. Run this code to unblock multiple ps1 files in your downloads folder:

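# Collect every .ps1 file in the current user's Downloads folder
$ps1files = Get-ChildItem $home\downloads\*.ps1

# Remove the Zone.Identifier mark from each file
foreach ($i in $ps1files) {
    Unblock-File -Path $i.FullName -Verbose
}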
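A more cautious variant of the bulk operation, added here as an example and not part of the original post: it reports each script's zone, source URL and signature status first, because Unblock-File removes the Zone.Identifier stream and that information is gone afterwards. Get-ZoneReport is a hypothetical helper name, and the HostUrl field is only present when the downloading program wrote it.

```powershell
# Added example. Get-ZoneReport is a hypothetical helper name, not a built-in cmdlet.
# The -Stream parameter works on Windows (NTFS alternate data streams) only.
function Get-ZoneReport {
    param(
        [string]$Path = "$HOME\Downloads",
        [string]$Filter = '*.ps1'
    )

    foreach ($file in Get-ChildItem -Path $Path -Filter $Filter -File) {
        # No Zone.Identifier stream means the file carries no download mark.
        $stream = Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue

        # The stream is INI-style text, e.g. [ZoneTransfer] / ZoneId=3 / HostUrl=...
        $fields = @{}
        foreach ($line in $stream) {
            if ($line -match '^\s*(\w+)\s*=\s*(.*)$') { $fields[$Matches[1]] = $Matches[2].Trim() }
        }

        # Map the numeric ZoneId to its SecurityZone name (3 -> Internet).
        $zoneId = if ($fields.ContainsKey('ZoneId')) { [int]$fields['ZoneId'] } else { $null }
        $zoneName = if ($null -ne $zoneId) { [enum]::GetName([System.Security.SecurityZone], $zoneId) } else { 'none' }

        [pscustomobject]@{
            Name      = $file.Name
            ZoneId    = $zoneId
            Zone      = $zoneName
            HostUrl   = $fields['HostUrl']
            Signature = (Get-AuthenticodeSignature -LiteralPath $file.FullName).Status
            SHA256    = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
            FullName  = $file.FullName
        }
    }
}

# Step 1: see what is marked, where it came from and whether it is signed.
Get-ZoneReport | Format-Table Name, Zone, Signature, HostUrl -AutoSize

# Step 2: unblock only the Internet-zone files you have reviewed.
# -WhatIf previews the change; remove it to actually unblock.
Get-ZoneReport |
    Where-Object { $_.ZoneId -eq 3 } |
    ForEach-Object { Unblock-File -LiteralPath $_.FullName -WhatIf }
```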

That’s it for today.

1 reply »

  1. Hello Patrick,
    Honestly, I am really enjoying all the material you have put on your site. It is a real treat, and thanks to you I am making progress every day. Thank you for all of that. Your site is truly a gem; I have rarely seen one like it. Thanks again from the bottom of my heart, Patrick.
    Francky
