The PowerShell execution policy was developed with a vision to be friendly to administrators, and at the same time, be accessible to end users. More than the former, the latter goal was a little challenging to pull off, considering that convenience is, more often than not, inversely proportional to security.
开发PowerShell执行策略是为了使管理员友好,同时使最终用户可以访问。 考虑到便利性通常与安全性成反比,与前者相比,后者的目标在实现上更具挑战性。
PowerShell脚本不会立即可用 (PowerShell scripts do not run out of the box)
There have been times when malicious VBS (Visual Basic Script) files, disguised as helpful pieces of software were shared around as emails. Unsuspecting users double-clicked the script files, and fell victims to scams as small as letting the creator of the script know you ran the script, to as disastrous as giving the creator of the script complete control over your computer.
有时候,伪装成有用软件的恶意VBS(Visual Basic Script)文件被作为电子邮件共享。 毫无戒心的用户双击脚本文件,使受害者成为骗局的受害者,其骗局小到让脚本的创建者知道您运行了脚本,而灾难性的是,使脚本的创建者完全控制了您的计算机。
There were two major flaws in the aforementioned model:
上述模型有两个主要缺陷:
- Double-clicking the script would run the script. There was no need to open the script to read it before running it 双击脚本将运行该脚本。 在运行脚本之前,无需打开脚本即可读取脚本
- All scripts from anywhere could run 任何地方的所有脚本都可以运行
The PowerShell execution policy addresses the first by not loading the PowerShell engine to run the script. The script, under default configuration, opens in Notepad—not even in PowerShell Integrated Scripting Environment. (If the script opened in the PowerShell ISE, it is still easy to run the script by hitting the F5 key.) Opening the script in Notepad is benign; to run the script, the user would have to make considerable effort.
PowerShell执行策略通过不加载PowerShell引擎来运行脚本来解决第一个问题。 在默认配置下,该脚本在记事本中打开,甚至在PowerShell Integrated Scripting Environment中也不打开。 (如果脚本是在PowerShell ISE中打开的,则仍然可以通过按F5键来运行该脚本。)在记事本中打开该脚本是无害的;否则,请单击“确定”。 要运行脚本,用户将不得不付出很大的努力。
Even if the user manages to right-click on the script and selects Run with PowerShell, or loads up PowerShell ISE and hits the F5 key, you would get an error:
即使用户设法右键单击该脚本并选择“使用PowerShell运行”,或加载PowerShell ISE并按F5键,您也会收到错误消息:
File C:\Users\Prashanth\Downloads\RandomInternetScript.ps1 cannot be loaded because the execution of scripts is disabled on this system. Please see “get-help about_signing” for more details.
无法加载文件C:\ Users \ Prashanth \ Downloads \ RandomInternetScript.ps1,因为在此系统上禁用了脚本的执行。 请参阅“获得有关about_signing的帮助”以了解更多详细信息 。
介绍PowerShell执行策略 (Introducing PowerShell Execution Policies)
You may hear that the PowerShell execution policies are a security feature; it is not. The PowerShell Execution Policies are a safety belt in PowerShell, like a child lock in cars. The PowerShell Execution Policies are the child lock on your computer, that protects the non-PowerShell-savvy end users from inadvertently harming themselves. It does not necessarily protect the system, but makes one jump through a few hoops to do something potentially dangerous.
您可能会听说PowerShell执行策略是一项安全功能。 它不是。 PowerShell执行策略是PowerShell中的安全带,就像汽车中的儿童锁一样。 PowerShell执行策略是计算机上的子锁,可保护不懂PowerShell的最终用户免于无意中伤害自己。 它不一定保护系统,但是会跳几圈来做潜在危险的事情。
PowerShell is very powerful. Its access goes straight into the computer. From the system administration standpoint—starting from fetching/setting the date and installing/uninstalling applications—there is hardly anything that PowerShell cannot do. Apart from managing Windows workstations and servers, PowerShell is extensively used with other applications and systems as well, such as Microsoft Exchange, Citrix XenApp and Nutanix HCI, to name a few.
PowerShell非常强大。 它的访问权直接进入计算机。 从系统管理的角度(从获取/设置日期以及安装/卸载应用程序开始),PowerShell几乎无法做任何事情。 除管理Windows工作站和服务器外,PowerShell还广泛用于其他应用程序和系统,例如Microsoft Exchange,Citrix XenApp和Nutanix HCI。
最低0.47元/天 解锁文章
2366
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
