The go-to Windows PowerShell guide
A comprehensive collection of articles, videos and more, hand-picked by our editors
Windows PowerShell is the engine that makes the operating system run. It can also serve as a back door into your organization, so locking it down is critical.
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
PowerShell, an interactive command-line scripting shell, is designed to allow you to automate desktop and application management tasks. It is so well suited for Windows management because it has deep insight into the operating system. Nearly anything you can do with the graphical user interface (GUI) in a management tool, you can also do with PowerShell. In fact, there are some management tasks, such as Desired State Configuration, you can only perform in PowerShell. This is especially true for some of Microsoft's server products such as Exchange.
Because it is so in tune with Windows, PowerShell security is crucial. You must prevent any malicious exploitation. As such, Microsoft put some safeguards in place. For example, PowerShell is subject to the same permissions and restrictions as GUI management tools. If a user lacks the authority to perform an administrative action through a GUI, he will not be able to perform the action in PowerShell, either.
Use execution policies for PowerShell security
Microsoft's main PowerShell security mechanisms are execution policies built into the command line itself. An execution policy's job is to maintain control over the execution of PowerShell scripts. For example, an administrator may wish to only allow scripts to execute if the scripts have been digitally signed.
From a Windows device, you can check the current execution policy setting by using the Get-ExecutionPolicy cmdlet. Similarly, you can use the Set-ExecutionPolicy cmdlet to assign an execution policy. For example, if you wanted to set the execution policy to Restricted, you would type: Set-ExecutionPolicy Restricted
Group Policy provides a better way
Although the cmdlet technique works, it is a manual process. As an alternative, you can use a Group Policy setting to configure the PowerShell execution policy. To do so:
- Open the Group Policy Editor.
- Navigate through the console tree by clicking Computer Configuration, then Administrative Templates, then Windows Components and finally Windows PowerShell.
- Double click on the policy setting called Turn on Script Execution. The Group Policy Editor will open the Turn on Script Execution policy setting.
- Choose the Enable option for this policy setting. Upon doing so, you will be given the option of assigning an execution policy. Your choices include: Allow Only Signed Scripts, Allow Local Scripts and Remote Signed Scripts, and Allow All Scripts.
How to use PowerShell in Exchange
Put PowerShell to work
Twenty-five PowerShell commands to know
Related Q&A from Brien Posey
Setting up Office 365 generally involves multiple devices. With nonpersistent VDI, the rules of the game change for IT admins.continue reading
Much has been said about the inability to scale storage separately from other resources in a hyper-converged system, but are there any advantages to ...continue reading
The definition of hyper-converged infrastructure has evolved as the technology has grown. But the phrase still means different things depending on ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.