使用 RemotedSigned 时哪些文件夹是受信任的
当 ExecutionPolicy 设置为 RemotedSigned 时,有人如何判断哪些文件夹是受信任的?我想运行我们网络共享的多个 Powershell 脚本(未映射,因此使用完整的 unc),但我不想对它们全部进行数字签名。
任何帮助都会很棒。
谢谢。
Does any one how to tell what folders are trusted when the ExecutionPolicy is set to RemotedSigned? I want to run a number of Powershell script of our network share (which is not mapped, hence using the full unc), but i do not want to have to digitally signed them all.
Any help would be great.
Thanks.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
过去,我们通过在 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains 下添加一个注册表项来完成此操作,该注册表项命名共享所在的服务器。在 EscDomains 项下,添加一个作为服务器名称的项。在该键下,添加一个名为“file”且值为 2 的 DWORD 值。
您需要在每台将从服务器运行脚本的计算机上执行此操作,但您可以通过组策略来执行此操作。除了运行 PowerShell 脚本之外,这还存在安全隐患。我不知道如果您的计算机不在域中,这是否有效。如果有更好的解决方案,我期待学习。
有关详细信息,请参阅此知识库文章。
We have done this in the past by adding a registry key under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains that names the server where the share resides. Under the EscDomains key, add a key that is the server name. Under that key, add a DWORD value with the name "file" and the value 2.
You need to do this on each machine that will run scripts from the server, but you can do that via group policy. There are security implications to this beyond running PowerShell scripts. I don't know if this will work if your computers are not in a domain. If there are better solutions, I look forward to learning about them.
For more information, see this KB article.
那么,当您从 UNC 路径运行脚本时会发生什么?
使用 RemoteSigned,您应该能够运行所有编写的脚本和应用程序。无需数字签名即可在本地运行。
So, what happens when you run a script from UNC Path?
With RemoteSigned, you should be able to run all scripts written & run locally without a digital signature.