Windows Powershell Bypass

By default, Windows doesn’t allow us to run the powershell which’s downloaded from another computer without trusted signature. The ExecutionPolicy was set Restricted by default, which’s only allow us to run script created on the same computer (localhost), or script with an signature or from trusted publisher.

To check current policy:

Get-ExecutionPolicy

To check all ExecutionPolicy Scope:

Get-ExecutionPolicy -List

 Scope ExecutionPolicy
        ----- ---------------
MachinePolicy       Undefined
   UserPolicy       Undefined
      Process       Undefined
  CurrentUser       Undefined
 LocalMachine    RemoteSigned

In order to able run untrusted powershell script, you can change the ExecutionPolicy to Unrestricted:

Set-ExecutionPolicy Unrestricted

• AllSigned. Limits script execution on all signed scripts. This setting requires that all scripts are signed by a trusted publisher, including scripts that you write on the local computer. It prompts you before running scripts from publishers that you haven’t yet classified as trusted or untrusted. However, verifying the signature of a script doesn’t eliminate the possibility of that script being malicious. It simply provides an extra check that minimizes this possibility.
• Default. Sets the default execution policy, which is Restricted for Windows clients and RemoteSigned for Windows servers.
• RemoteSigned. This is the default execution policy for Windows server computers. Scripts can run, but the policy requires a digital signature from a trusted publisher on scripts and configuration files that have been downloaded from the internet. This setting doesn’t require digital signatures on scripts that are written on the local computer.
• Restricted. This is the default execution policy for Windows client computers. It permits running individual commands, but it doesn’t allow scripts.
• Unrestricted. This is the default execution policy for non-Windows computers, which you can’t change. It allows unsigned scripts to run. This policy warns the user before running scripts and configuration files that aren’t from the local intranet zone.
• Undefined. Indicates that there isn’t an execution policy set in the current scope. If the execution policy in all scopes is Undefined, the effective execution policy is Restricted for Windows clients and RemoteSigned for Windows Server.

Be careful before running any powershell script from untrusted publisher. It is adviced to always double-check and verify before you run the powershell.

Get-AuthenticodeSignature

You will get NotSigned if the script doesn’t have a Trusted Signature like this one:

SignerCertificate             Status                 Path
-----------------             ------                 ----
                              NotSigned              RemoteDesktopManager.ps1

If you more prefer to change the ExecutionPolicy, you will need to revert the setting back after running the script to avoid any security issues. Otherwise, you can actually bypass the Execution policy when having to execute an Unsigned script one time, withe the following cmdlet:

PowerShell.exe -ExecutionPolicy Bypass -File ".\MyUnsignedScript.ps1"

Or, using ep which refer to executionpolicy bypass

PowerShell.exe -ep Bypass ".\MyUnsignedScript.ps1"