Is there a way to run a downloaded PowerShell script as admin without setting a global ExecutionPolicy bypass?



  • Since the 20H2 build of Windows 10 came out, if I want to run a script without copying and pasting it into a PowerShell window, I have to write the following command:

    Set-ExecutionPolicy -ExecutionPolicy ByPass -Scope Process -Force
    

    I don't want to turn off the default behavior, since it prevents scripts from being run by accident or maliciously.

    But I'd also like to be able to just open a PowerShell window as my administrator account, and execute .\somescript.ps1 so that it runs.

    Is it secure to place the line above in my PowerShell profile so I don't have to manually run it every time I open PowerShell as my Admin account, provided I still have UAC turned on (a.k.a. still have to type my password when opening a PowerShell as Admin)?



  • With Set-ExecutionPolicy -ExecutionPolicy ByPass -Scope Process you simply temporarily bypass the default setting in the scope of the current process. You can see the default policies from about_Execution_Policies: Restricted prevents execution of all scripts whereas AllSigned and RemoteSigned require the scripts to be signed by a trusted publisher, respectively.

    To avoid running this command every time, while still preventing all scripts from running freely, you could change your global policy to allow running signed scripts.

    Set-ExecutionPolicy -ExecutionPolicy AllSigned -Scope LocalMachine
    

    After that you could create a code signing certificate and sign your trusted PowerShell scripts with it.
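
The signing workflow suggested in the answer above, as an added example that is not part of the original post. It assumes an elevated PowerShell session, a self-signed certificate rather than one issued by an internal CA, and placeholder values for the subject name and temporary file; `.\somescript.ps1` is the script name from the question.

```powershell
# Added example: subject name and temp file name are placeholders.
$subject    = 'CN=Local PowerShell Code Signing (example)'
$scriptPath = '.\somescript.ps1'
$cerPath    = Join-Path $env:TEMP 'ps-codesign-example.cer'

# 1. Create a code signing certificate whose private key cannot be exported.
$cert = New-SelfSignedCertificate -Type CodeSigningCert -Subject $subject `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -KeyExportPolicy NonExportable `
    -NotAfter (Get-Date).AddYears(1)

# 2. Export only the public certificate and trust it machine-wide.
#    A self-signed certificate must be in Root (to chain) and in
#    TrustedPublisher (so AllSigned runs it without prompting).
Export-Certificate -Cert $cert -FilePath $cerPath | Out-Null
foreach ($store in 'Cert:\LocalMachine\Root', 'Cert:\LocalMachine\TrustedPublisher') {
    Import-Certificate -FilePath $cerPath -CertStoreLocation $store | Out-Null
}
Remove-Item -Path $cerPath

# 3. Sign the script only after you have read and accepted its contents.
Set-AuthenticodeSignature -FilePath $scriptPath -Certificate $cert `
    -HashAlgorithm SHA256 | Out-Null

# 4. Confirm the signature validates before relying on it.
$check = Get-AuthenticodeSignature -FilePath $scriptPath
if ($check.Status -ne 'Valid') {
    throw "Signature status is $($check.Status): $($check.StatusMessage)"
}
'{0} is signed by {1}' -f $scriptPath, $check.SignerCertificate.Subject
```

Any later edit to the script invalidates its signature, so it has to be signed again after changes. Under AllSigned the PowerShell profile script itself must also be signed, or it will not load.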

