When you download a file from the internet, it may be tagged by Windows (via NTFS stream), and PowerShell may refuse to execute it:
PS> & "$home\desktop\Rick.ps1"
& : File C:\Users\tobwe\desktop\Rick.ps1 cannot be loaded. The file C:\Users\tobwe\desktop\Rick.ps1 is not digitally signed. You cannot run this script on the
current system. For more information about running scripts and setting execution policy, see about_Execution_Policies at
At line:1 char:3
+ & "$home\desktop\Rick.ps1"
+ CategoryInfo : SecurityError: (:) , PSSecurityException
+ FullyQualifiedErrorId : UnauthorizedAccess
Typically, this occurs when your execution policy is either not set at all, or set to “RemoteSigned”. This is the recommended setting for average PowerShell users. This is how you enable the setting:
PS> Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy RemoteSigned
When enabled, you can run any local script file or network file within your domain, but you can no longer run scripts that either are tagged as “downloads”, or scripts that reside on network locations that are not part of your domain.
To run blocked scripts, here are your choices:
PS> Invoke-WebRequest -Uri "http://bit.ly/e0Mw9w" -UseBasicParsing -OutFile "$home\Desktop\Rick.ps1"
It is somewhat unexpected behavior that Invoke-WebRequest does not tag downloaded files and allows to bypass the execution policy.
ReTweet this Tip!