2

我的环境中的执行策略是AllSigned

PS E:\Temp> 获取执行策略
全签

当我尝试执行不受信任的脚本时,它会引发错误:

& : 无法加载文件 C:\temp\anz.ps1。文件 C:\temp\any.ps1 不是
数字签名。
您不能在当前系统上运行此脚本。有关更多信息
运行脚本和设置执行策略,请参阅 about_Execution_Policies at
http://go.microsoft.com/fwlink/?LinkID=135170。
在行:1 字符:3
+ & .\any.ps1
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : SecurityError: (:) [], PSSecurityException
    + FullyQualifiedErrorId : 未授权访问

如何让 PowerShell 提示我是否要执行脚本?

就像是:

安全警告
仅运行您信任的脚本。虽然来自 Internet 的脚本很有用,但此脚本可能会损害您的计算机。你想运行 .\temp.ps1 吗?
[D] 不要运行 [R] 运行一次 [S] 暂停:

注意:我不想绕过或抑制提示。

4

2 回答 2

2

您可以添加一个函数来首先检查文件:

function Test-FileSafety {
    # This function simply returns $true when the file is ok or the user decided to
    # go ahead and run it even though he/she was warned.
    # If the user decided it was too tricky and bailed out, the function returns $false
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory = $true, Position = 0, ValueFromPipeline = $true)]
        [ValidateScript({Test-Path $_ -PathType Leaf})] 
        [Alias ('Path')]
        [string]$FileName
    )

    Add-Type -AssemblyName System.Windows.Forms
    $letsGo = $true

    # first test if the file was downloaded from internet (and was not already unblocked)
    if (Get-Item $FileName -Stream zone*) {
        $message  = "Run only scripts that you trust.`r`n"
        $message += "While scripts from the Internet can be useful this script can potentially harm your computer.`r`n`r`n"
        $message += "Do you want to allow '$FileName' ?"

        $result = [System.Windows.Forms.MessageBox]::Show($message, "Security Warning", 3)
        # evaluate the users response and act upon it
        switch ($result) {
            Yes    { <# user wants to run #> Unblock-File -Path $FileName ; break }
            No     { <# user decided not to run the script #> ; $letsGo = $false; break }
            Cancel { <# user bailed out #> ; $letsGo = $false; break }
        }
    }

    # next test if the file is digitally signed or not
    if ($letsGo -and (Get-AuthenticodeSignature -FilePath $FileName).Status -eq 'NotSigned') {
        $message  = "Run only scripts that you trust.`r`n"
        $message += "The script is not digitally signed.`r`n`r`n"
        $message += "Do you still want to run '$FileName' ?"

        $result = [System.Windows.Forms.MessageBox]::Show($message, "Security Warning", 3)
        # evaluate the users response and act upon it
        switch ($result) {
            Yes    { <# user wants to run even though the script is not digitally signed #> ; break}
            No     { <# user decided it was too dangerous and does not want to run the script #> ; $letsGo = $false; break}
            Cancel { <# user bailed out #> ; $letsGo = $false; break}
        }
    }

    return $letsGo
}

并像这样使用它:

if ((Test-FileSafety -FileName "C:\temp\anz.ps1")) {
    # run the script
}
else {
    # do nothing, the user cancelled
}
于 2018-06-13T16:13:05.250 回答
1

您可以尝试以管理员身份在 power shell 中运行以下命令

修复方法是运行 Set-ExecutionPolicy 并更改执行策略设置。

Set-ExecutionPolicy -Scope Process -ExecutionPolicy 绕过

 “绕过”表示没有任何内容被阻止,并且不会显示任何警告、提示或消息。

于 2018-12-04T03:15:38.550 回答