Is setting ExecutionPolicy to Unrestricted for CurrentUser a security breach?

About

Asked 11/4, 2018 at 10:42 Answered 11/4, 2018 at 15:48

Solved powershell security windows-10 executionpolicy

I have a couple of aliases I like to have in my PowerShell on my Windows 10.

I want them to persist between sessions, so I have put them in a profile.ps1 file under C:\Users{username}\Documents\WindowsPowerShell.

I am getting this annoying "cannot be loaded because running scripts is disabled on this system." error message, and have found this page on how to get rid of it: https://social.technet.microsoft.com/Forums/en-US/3e4a9006-d47d-4e19-96f4-10327ae0c5b1/not-able-to-run-script-in-windows-10?forum=winserverpowershell

In here someone says that this line will help:

Set-ExecutionPolicy Unrestricted -Scope CurrentUser -Force -Verbose

But is it hazardous to just set the execution policy to unrestricted for my user?

Jasonjasper answered 11/4, 2018 at 10:42 Comment(3)

I'm actually planning to vote to close this as primarily opinion based. So here are my opinions. Is it less safe? Most definitely. Is it a security breach? Well, that depends on your definition of security breach. Personally I set my execution policy to RemoteSigned. This means I can have a profile but cannot run scripts that are downloaded from the internet without first changing their ADS. – Judenberg 11/4, 2018 at 12:16

Actually having a profile isn't the reason I use RemoteSigned. I realized that might be misleading. I could sign the profile if I wanted to. The reason I use RemoteSigned is that I often spend my day testing techniques in powershell and showing other people that just come by my desk how to do things in powershell. Often by quickly mocking up a script for what they want. It is not worth the effort to sign these little 10-20 line scripts every time that I create one. But that is my environment and the way that I use powershell. You have to make these decisions for yourself. – Judenberg 11/4, 2018 at 12:28

Execution policy is a safety feature, not a security feature. No matter what the execution policy is, we can still run scripts by setting an execution policy for the PowerShell process, and this does not require elevated privileges. A restrictive execution policy only helps prevent a user from accidentally running a script they shouldn't. It won't stop a user from running any script at all. – Ravel 11/4, 2018 at 14:14

ExecutionPolicy is not a security boundary. As someone opined elsewhere in a comment, it is a safety feature. Think seat belt not door lock. But seat belts mitigate risk so it's better to use them than not. ExecutionPolicy mitigates the risk of unintentionally running malicious code. The generally recommended minimum policy is RemoteSigned.

Alfonsoalfonzo answered 11/4, 2018 at 15:48 Comment(1)

Your analogy expresses more concisely what I was trying to say; thanks. – Ravel 11/4, 2018 at 17:42

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags