WEBVTT

00:08.560 --> 00:16.030
Windows partial supports for execution policies and execution policy determines whether you can run

00:16.060 --> 00:25.570
power shell scripts at all and which scripts you can run the restricted execution policy means that

00:25.570 --> 00:26.700
you cannot run.

00:26.770 --> 00:28.900
And it builds scripts.

00:29.080 --> 00:37.420
All signed means that you can run only scripts that have first been signed by a publisher that you trust.

00:37.450 --> 00:44.710
This includes scripts that you create on the local computer removed scient windows powers sheller runs

00:44.710 --> 00:53.560
locally authored scripts that are not digitally signed but any scripts downloaded from applications

00:53.800 --> 01:00.760
like Internet Explorer and Microsoft Outlook must be signed by a publisher that you trust before you

01:00.760 --> 01:01.910
can run them.

01:02.020 --> 01:09.730
And I'm restricted policy means that power shoulder runs all scripts scripts downloaded from applications

01:09.730 --> 01:16.400
like Internet Explorer display a prompt that indicates that they have been downloaded.

01:16.480 --> 01:25.120
If you attempt to run a script where the execution policy is restricted and therefore forbids its execution

01:25.330 --> 01:28.640
you'll see an error message before execution.

01:28.670 --> 01:37.030
Boluses cover a spectrum of increasingly easy access to run in Windows shell scripts which may of course

01:37.150 --> 01:40.810
have both good and bad points in a test in Sonera.

01:40.810 --> 01:48.160
If you know that you won't download any malicious scripts then unrestricted is very convenient.

01:48.170 --> 01:53.570
So unrestricted policy is for development and test machines only.

01:53.770 --> 01:57.220
You can of course sign any scripts that run.

01:57.370 --> 02:05.470
If that is required by an all signed execution policy there is the likelihood that you may run downloaded

02:05.530 --> 02:11.010
scripts then the Earth-Moon signed bolas it gives you a little more protection.

02:11.200 --> 02:19.330
So if you downloaded similarly useful windows power shellcode from the Internet be sure that you understand

02:19.690 --> 02:24.840
what it does before you copy and paste it into your own scripts.

02:24.910 --> 02:32.500
If you create and save this group even if it includes malicious code that you have copied and pasted

02:32.500 --> 02:38.040
into it then you bypass the protection from an execution policy.

02:38.080 --> 02:45.100
You may have in place so to correct the current execution policy on your machine type this command get

02:45.130 --> 02:46.850
execution policy.

02:46.900 --> 02:55.360
You can also use a list parameter to see more details to change an execution policy.

02:55.450 --> 02:57.400
You have several ways to do it.

02:57.430 --> 03:05.720
You can do it in registry by changing with the help of rogered it command so to modify the value of

03:05.720 --> 03:09.260
execution policy in the registry editor.

03:09.460 --> 03:20.030
Right click on the execution policy in HK Alam software Microsoft software shell WAHM shell IDs Microsoft

03:20.030 --> 03:28.260
that power shell and change the set and to remote's signed for example or unrestricted.

03:28.300 --> 03:35.530
You can also modify the value for execution policy by using Windows POAs shell type the following command.

03:35.740 --> 03:45.100
Assuming that your current location is a scale and software Microsoft Office shell WAHM shells ID Microsoft

03:45.100 --> 03:48.780
power shell and change the settings to remote Scient.

03:48.970 --> 03:51.250
So Type the following command set.

03:51.270 --> 03:57.350
There's an item proper to pass Daut name execution policy.

03:57.400 --> 03:59.640
Well your remote side.

03:59.740 --> 04:04.930
Now you can check that you have successfully changed the wealthy by you than the following command.

04:04.990 --> 04:11.340
Get tied to drop into space Daut or just get to execution policy command.

04:11.380 --> 04:18.040
The output will show that the value of execution policy successfully changed to Ramon signed windows

04:18.040 --> 04:23.000
power shell should recognize the change in execution policy immediately.

04:23.140 --> 04:26.530
If the execution policy has not changed them.

04:26.680 --> 04:31.050
Check this out Item property statement for any errors.

04:31.150 --> 04:35.550
And of course you can use certain execution Bulla's the command left.

04:35.720 --> 04:42.850
So let's review the examples of this command let search execution policy Desch execution policy remote's

04:42.850 --> 04:46.150
signed will set the shell execution policy.

04:46.330 --> 04:52.150
If you want to set this code for an execution policy you could use the following commands set execution

04:52.150 --> 04:57.290
policy their scope current user and execution policy.

04:57.340 --> 05:00.440
All signed and forced parameter.

05:00.460 --> 05:09.870
Now if we run the command which uses the list parameter of the Get execution policy left we'll see that

05:10.260 --> 05:18.330
the execution policy for the current user differs from the execution policy set from all users in the

05:18.330 --> 05:19.490
computer.

05:19.500 --> 05:26.820
And the next example will remove the execution policies for the current user was set to execution policy

05:26.820 --> 05:34.520
scope current user execution policy and defined this command to use as an execution policy wellie of

05:34.650 --> 05:42.070
undefined to effectively remove the execution policy that is set for the current user scope.

05:42.300 --> 05:50.280
As a result the execution policy that a certain group policy or in their local machine scope is effective

05:50.700 --> 05:59.370
if you set execution policy in all scopes to undefined and the group policy is not set the default execution

05:59.370 --> 06:00.360
policy.

06:00.380 --> 06:07.830
Restricted is effective for all users since the computer in the next example will set the execution

06:07.830 --> 06:16.470
policy for the current session with set execution boluses code process execution policy all signed.

06:16.470 --> 06:24.000
This command sets and execution policy for all signed for only the current Windows PowerShares shell

06:24.000 --> 06:24.800
session.

06:25.050 --> 06:29.520
And it is deleted when the current session is closed.

06:29.520 --> 06:36.240
Once you have changed the execution policy to remove scien you should be able to run any scripts that

06:36.240 --> 06:37.880
you create locally.

06:37.890 --> 06:41.750
Here is a simple test script I'll name it simple test.

06:41.750 --> 06:49.860
Don't be a swamp and put it into a temp directory on C-Drive so you can create it and use to confirm

06:49.860 --> 06:51.880
that you can run scripts.

06:51.960 --> 06:58.370
The first line uses the read most common lead to get some input from the user.

06:58.380 --> 07:06.210
The second line uses the right host command glad to tell the user that the well you're entered was assigned

07:06.210 --> 07:08.110
to the variable a.

07:08.290 --> 07:17.670
When running scripts the read host and write host command plants are useful to capture input from the

07:17.670 --> 07:21.000
user and to display desired output.

07:21.000 --> 07:28.140
So to confirm that you can now it Windows power shellscript tab the following command.

07:28.170 --> 07:34.720
Assuming that your script is on C. drive in time directory it's called simple test.

07:34.770 --> 07:35.780
Here's one.

07:35.970 --> 07:42.840
If your current working Dougall rectory is the folder you saved the script then you can run it and the

07:42.840 --> 07:52.410
command Daut backslash and the name of the script or the name of the script with be one extension and

07:52.410 --> 07:58.000
one more useful very useful thing you could do is to if you live in those posts.

07:58.010 --> 08:06.000
I'll help file about permissions related to sign and scripts you could use the following command help

08:06.360 --> 08:08.460
about underscores seinen.