How do PowerShell execution policies prevent malicious activity?

There are four common execution policies IT administrators can choose from to secure PowerShell against malicious attacks. Figure out which one is right for you to secure your OS.

There has always been some degree of concern from the IT community that someone could use PowerShell for malicious purposes because the scripting utility can interact with the Windows operating system on a deep level.

The primary mechanism that prevents PowerShell from being misused is the execution policy. PowerShell execution policies determine the conditions under which PowerShell scripts are, or are not, allowed to run. There are six PowerShell execution policies. The four most common ones are:

Restricted: PowerShell scripts cannot execute and configuration files cannot load.

AllSigned: PowerShell scripts can only execute if they are signed by a trusted publisher. Configuration files must also be signed.

RemoteSigned: PowerShell scripts or configuration files that have been downloaded from the internet must be signed. Locally created scripts and configuration files do not have to be signed.

Unrestricted: Any script can run, and any configuration file may be used. There is no requirement for code signing.

IT administrators can set the execution policy from the PowerShell prompt by using the Set-ExecutionPolicy cmdlet, followed by the name of the execution policy. Verify the change with the Get-ExecutionPolicy cmdlet.

Admins can also control PowerShell execution policies at the Group Policy level. The computer-level settings for doing so are found in the Group Policy Object Editor at Computer Configuration > Policies > Administrative Templates > Windows Components > Windows PowerShell. User configuration settings are available at User Configuration > Policies > Administrative Templates > Windows Components > Windows PowerShell.
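The following is an added example, not code from the original article. It sets a policy with Set-ExecutionPolicy, verifies it with Get-ExecutionPolicy, and checks whether a Group Policy setting is overriding the local value. The target value in `$Desired` and the helper name `Get-PolicyReport` are assumptions made for illustration; run it from an elevated prompt.

```powershell
# Added example: set and verify the execution policy, accounting for Group Policy.
$Desired = 'RemoteSigned'   # assumed target policy; pick the one that fits your environment

function Get-PolicyReport {
    # Hypothetical helper. Get-ExecutionPolicy -List returns one entry per scope in
    # precedence order: MachinePolicy and UserPolicy (both set through Group Policy),
    # then Process, CurrentUser and LocalMachine.
    $scopes = Get-ExecutionPolicy -List
    # The first scope that is not 'Undefined' decides the effective policy.
    $winner = $scopes |
        Where-Object { $_.ExecutionPolicy -ne 'Undefined' } |
        Select-Object -First 1
    $winningScope = if ($winner) { [string]$winner.Scope } else { 'None' }
    [pscustomobject]@{
        Scopes       = $scopes
        WinningScope = $winningScope
        Effective    = Get-ExecutionPolicy
        SetByGpo     = $winningScope -in 'MachinePolicy', 'UserPolicy'
    }
}

$before = Get-PolicyReport
$before.Scopes | Format-Table -AutoSize

if ($before.SetByGpo) {
    # A Group Policy value outranks anything set locally, so fix it in the GPO instead.
    Write-Warning ("Group Policy scope '{0}' enforces '{1}'; change it in the GPO." -f
        $before.WinningScope, $before.Effective)
}
else {
    try {
        Set-ExecutionPolicy -ExecutionPolicy $Desired -Scope LocalMachine -Force -ErrorAction Stop
    }
    catch {
        # Raised when the prompt is not elevated, or when a Process or CurrentUser
        # setting takes precedence over the LocalMachine value just written.
        Write-Warning $_.Exception.Message
    }
}

# Verify the result rather than trusting the Set call.
$after = Get-PolicyReport
if ($after.Effective -eq $Desired) {
    Write-Output "Effective policy is $Desired (decided by scope: $($after.WinningScope))."
}
else {
    Write-Warning ("Effective policy is '{0}', not '{1}' (decided by scope: {2})." -f
        $after.Effective, $Desired, $after.WinningScope)
}
```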


This was last published in August 2016
