Execution Policy on Vista or Windows Server 2008

最新推荐文章于 2020-08-07 16:34:57 发布
最新推荐文章于 2020-08-07 16:34:57 发布
阅读量475 收藏
点赞数
分类专栏: 其他 文章标签: windows server powershell user security behavior
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/confei/article/details/3499517
版权
 

Some of you may be getting an error when trying to set the execution policy on a new install of Windows PowerShell in Vista:

 PS C:/Users/leonard> Set-ExecutionPolicy unrestricted
Set-ExecutionPolicy : Access to the registry key 'HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/PowerShell/1/ShellIds/Microsoft.PowerShell' is denied.
At line:1 char:20
+ Set-ExecutionPolicy  <<<< unrestricted

This behavior is by design. As a system-wide default that affects all users, the ExecutionPolicy is stored in the HKLM registry hive. PowerShell users on XP and Windows Server 2003 likely didn't see this as most users login with administrative privileges. In Vista, this changed with the advent of User Account Control. Unless explictly requested, processes started by an Administrator account will run as a standard user and not Administrator.

The resolution here is to start PowerShell as an Administrator and then run the command. You can do this most easily by right-clicking the PowerShell icon in the Start Menu and selecting "Run as Administrator".

Why does PowerShell require administrator privileges to change the execution policy? It affects all users on the machine, and defines a safe default. It is not a user restriction, but gives a system default.

The upshot of all this is administrators can create policies where PowerShell runs signed scripts on servers and, but don't run on laptops by default. In the past, popular script malware often asked the user to go through a series of steps to execute a malicious script. ExecutionPolicy adds an additional layer of defense as it allows administrators to reduce security attack surface area and define a safe default.

As with every time I talk about security, I want to make sure I frame this in the right context: This is defense in depth and not a silver bullet. Of course it won't protect against a hacker extremely good at social engineering who can entice a user to enter commands directly into the console or prevent a sufficiently naive and determined user from being tricked into opening a text file with malware in notepad, starting PowerShell, and copying in the malicious script one line at a time. In both of these cases though, the attacker has control of the machine through the user so in practice the machine has already been effectively compromised before PowerShell was even started.

confei
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
详解SQL Server 2008工具SQL Server Profiler
09-10
SQL Server 2008中的SQL Server Profiler是一款强大的性能监视和诊断工具,它允许管理员监控和记录在SQL Server实例上发生的各种事件,以便于分析性能问题、诊断故障以及调试T-SQL语句。Profiler跟踪是该工具的核心...
非常好的Windows2008优化工具
03-20
该工具主要解决了Windows 2008中一个常见的问题——数据执行保护(Data Execution Prevention, DEP)的兼容性问题。DEP是一种安全机制,用于防止恶意代码在内存中执行,但它有时会误报,导致一些应用程序无法正常...
set-ExecutionPolicy‘ 不是内部或外部命令 cnpm : 无法加载文件 C:\Users\XXX
热门推荐
細水、長流√的专栏
08-07 2万+
set-ExecutionPolicy' 不是内部或外部命令,也不是可运行的程序 或批处理文 转到“开始”菜单,然后搜索“ Windows PowerShell ISE”。 右键单击x86版本,然后选择“以管理员身份运行”。 在顶部,粘贴Set-ExecutionPolicy RemoteSigned; 运行脚本。 选择“全是”。 对64位版本的Powershell ISE(非x86版本)也重复这些步骤。 在安装启动服务的时候会报“cnpm : 无法加载文件 C:\Users\XXX...
Microsoft Windows Vista Security Advancements
网络 人生 学习 进步
12-26 2915
Introduction In just three decades, the software that runs personal computers and digital devices has transformed the way millions of people around the globe work, communicate and enjoy their free
Moving to Windows Vista x64
tweeger的专栏
02-16 3009
原文地址:http://www.codeproject.com/KB/vista/vista_x64.aspx Contents Introductionx64 Sectionx64 Assembly C/C++ Programming Inline Assembly Windows On Windows File System And Regist
Microsoft SQL Server Trace Flags
数据库生态圈(RDB & NoSQL & Bigdata)——专注于关系库优化(Oracle&Mysql&PG&SQL Server )
02-22 1377
Complete list of Microsoft SQL Server trace flags (585 trace flags)REMEMBER: Be extremely careful with trace flags, test in your test environment first. And consult professionals first if you are the ...
Microsoft Windows library files
x_xx_xxx_xxxx的博客
06-21 655
参考自: 维基百科  https://en.wikipedia.org/wiki/Microsoft_Windows_library_filesMicrosoft Windows library filesFrom Wikipedia, thefree encyclopediaJump to navigationJump to search hideThis article has multip...
Moving to Windows Vista x64(codeproject)
staryy的专栏
07-25 2652
Moving to Windows Vista x64 By Daniel Pistelli. An article about x64 and Windows Vista. GenericWindo
Create Custom Login Experiences With Credential Providers For Windows Vista
qtycr的专栏
10-25 4012
from: http://msdn.microsoft.com/en-us/magazine/cc163489.aspx 点击打开链接 Desktop Security Create Custom Login Experiences With Credential Providers For Windows Vista Dan Griffin This a
Teach Your Apps To Play Nicely With Windows Vista User Account Control(转)
zdragon2002的专栏
09-21 1182
转自 http://msdn.microsoft.com/en-us/magazine/cc163486.aspx怕忘了,收藏一个; Least PrivilegeTeach Your Apps To Play Nicely With Windows Vista User Account ControlChris Corio 
Microsoft Security Bulletin MS08-067 – Critical
10-24 1130
  Summary This security update resolves a privately reported vulnerability in the Server service. The vulnerability could allow remote code execution if an affected system received a specially crafted
实验4-2 Windows Server2008之WDS完全攻略.doc
07-07
WDS在RIS的基础上进行了大幅度的改进,能够支持Windows VistaWindows Server 2008的部署,而且引入了诸多新特性。 首先,WDS引入了Windows Preinstallation Environment(Windows PE)作为引导操作系统,这是一个...
SQL Server Execution Plans Second Edition
10-18
Execution plans show you what's going on behind the scenes in SQL Server. They can provide you with a wealth of information on how SQL Server is executing your queries, including the points below. • ...
Hyper-V Server 2008 R2常见故障
08-14
在安装 Windows 2003 SP1 系统到 Hyper-V Server 2008 R2 上时,可能会遇到鼠标不能使用的问题。这是因为未安装 Hyper-V Server 2008 R2 tool 的缘故。解决方法是安装 Hyper-V Server 2008 R2 tool,并选择“操作”...
Frustrated with Installing the Hyper-V Manager to remotely manage Hyper-V Server 2008
confei的专栏【飞在路上】
12-22 2万+
 Frustrated with Installing the Hyper-V Manager to remotely manage Hyper-V Server 2008The Hyper-V Server 2008 installation was easy. Figuring out what I had to do to create virtual machines and
Windows 2003 server远程桌面连接“终端服务器超出了最大允许连接数”的解决办法 
confei的专栏【飞在路上】
06-27 5068
 
怎么把桌面图标的名称的背景颜色变成透明
confei的专栏【飞在路上】
07-26 3573
这个简单: 我的电脑右击>>属性>>性能高级中的,图形设置,进入后,里面有最佳性能,最佳视觉,找到自定义,然后下面的选项中倒数第二个,为桌面图标下使用阴影,这个勾上就可以透明啦 右键点击我的电脑——属性,打开“系统属性”对话框,或者直接按win+Break键等都可以,选择“高级”选项,打开性能选项下的设置对话框,在视觉效果选项里,一般windows2003默认的是“让windows选择计算机的
为什么android在待机状态下网络连接会中断的?
confei的专栏【飞在路上】
05-12 3290
android系统的设置方式大多数都是相同的,但可以对于平板电脑与手机的设置会有所区别,请友友参考一下以下路径是否进入设置 无线和网络--WLAN设置--menu--高级,然后对WLAN休眠策略进行修改,看看是否可以解决这个问题 同时也建议友友参照一下自己平板电脑的使用说明书,查看一下具体的设置方法,谢谢!
云平台windows部署wds安装WindowsServer 2022
最新发布
08-17
总结起来,部署WDS并安装Windows Server 2022的步骤包括创建Windows Server 2022虚拟机实例、登录虚拟机实例、打开Server Manager、添加WDS角色、完成安装,并进行进一步的配置以实现自动化部署。 ### 回答3: ...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值