我可以使用脚本设置PowerShell执行策略吗?
如果这是不可能的,我不会感到惊讶,但我需要在多个构建服务器上设置执行策略(在 32 位 PowerShell 环境上) - 如果我可以编写此脚本,那么速度会快得多,但我当前的尝试
%SystemRoot%\syswow64\WindowsPowerShell\v1.0\
powershell.exe -Version 2
-Command "& {Set-ExecutionPolicy -ExecutionPolicy RemoteSigned}"
无需完成即可完成任何可见的错误,但执行 政策尚未制定。
我想如果用户可能被欺骗运行一个改变其执行策略的脚本,这会造成一些安全漏洞,但我想我无论如何都会问这个问题。
好吧 - 所以理查德和克莱卡是完全正确的,而我有点愚蠢。 重试该命令后 - 我发现它确实有效(尽管我在问题中说过)。我想我一定是混淆了 32 个和 64 个 PowerShell 窗口(即在一个窗口中设置执行策略,然后在另一个窗口中检查值)。
抱歉。
I would not be surprised if this is not possible, but I need to set the execution policy (on the 32 bit PowerShell environment) on several build servers - it would be much quicker if I could script this, but my current attempt,
%SystemRoot%\syswow64\WindowsPowerShell\v1.0\
powershell.exe -Version 2
-Command "& {Set-ExecutionPolicy -ExecutionPolicy RemoteSigned}"
completes without any visible error, but the execution
policy is not being set.
I guess it would create a bit of a security hole if users could be tricked into running a script that changed their execution policy, but I thought I would ask the question anyway.
OK - so Richard and Craika are entirely correct and I am a little bit stupid.
After retrying the command - I find that it does work (despite what I said in the question). I guess I must have been getting mixed up between 32 and 64 PowerShell windows (i.e. setting the execution policy in one and then checking the value in another).
Apologies.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
您可以执行此操作,但脚本将在当前(即脚本之前)强制执行策略下运行或不运行。
显而易见的方法是使用受信任的证书对脚本进行签名。
但是,如果您想集中管理服务器,为什么不将它们放在 Active Directory OU 或组中,然后使用组策略来设置执行策略呢?
(不要忘记您需要为 32 位和 64 位进程进行设置。)
You can do this, but the script will be run or not run under the currently (ie. before the script) in force execution policy.
The obvious approach would be to sign the script with a trusted certificate.
However if you want to manage the servers collectively, why not put them in an Active Directory OU or group and then use Group Policy to set the execution policy?
(And don't forget you'll need to set it for both 32 and 64bit processes.)
您的命令将起作用(并且在我的计算机上起作用) - 执行策略不会影响您直接传递到 powershell.exe 的 Command 参数中的任何内容(即使它确实起作用,也有一个 ExecutionPolicy 参数)。您确定是在 64 位会话中运行吗?
如果您确实想编写脚本,则可以从本地工作站运行它:
它在 $ComputerList 中的每台计算机上创建一个新进程并执行您的命令。就像我说的,你的命令在我的电脑上确实有效。我认为问题在于它是否真正运行您想要的 PowerShell 版本。
Your command will work (and does work on my computer) - the execution policy won't affect anything you pass directly into the Command parameter of powershell.exe (and even if it did there is also an ExecutionPolicy parameter). You're definitely running from a 64-bit session?
If you did want to script it, you could run this from your local workstation:
It creates a new process on each computer in $ComputerList and executes your command. Like I say, your command does work on my computer. I would think the problem lies in whether whether it's actually running the version of PowerShell you're after.