13

PowerShell's "ExecutionPolicy" allows for restricting all scripts from running, only allowing signed scripts, etc - see this article for reference.

However, if I simply do:

PowerShell -ExecutionPolicy Bypass -file MyScript.ps1

... I have effectively circumvented the configured Execution Policy anyway, and the script is successfully run (even with a completely 'Restricted' default policy configured).

What's the point in having different levels of policies available, if all I have to do is send a switch to bypass it, and it'll succeed? Am I missing somewhere that 'Bypass' won't work under specific circumstances? So far, I've not found an execution policy that wouldn't let it slip right on by anyway.

(Sincerest apologies if this were better suited for StackOverflow, but I came here first, since it deals with security policies. I've searched a while to find an answer on this, but I can't seem to find a definitive explanation.)

kalina
  • 3,354
  • 5
  • 20
  • 36
gravity
  • 229
  • 1
  • 7

1 Answers1

5

From here (em mine):

What is the PowerShell Execution Policy?

The PowerShell execution policy is the setting that determines which type of PowerShell scripts (if any) can be run on the system. By default it is set to "Restricted", which basically means none. However, it's important to understand that the setting was never meant to be a security control. Instead, it was intended to prevent administrators from shooting themselves in the foot

SilverlightFox
  • 33,408
  • 6
  • 67
  • 178
  • 1
    And it's easily bypassed with a one-liner `PowerShell.exe -ExecutionPolicy Bypass -File "C:\circumvent\industry\standard.ps1" 2>&1>$null` https://stackoverflow.com/questions/63529433/powershell-exe-executionpolicy-bypass-header-in-script – FreeSoftwareServers Aug 22 '20 at 05:50
  • 1
    Why "Crutches" are actually a BAD thing for sysadmins! Linux Rules!! --> https://www.redhat.com/sysadmin/sysadmins-dont-sudo – FreeSoftwareServers Aug 22 '20 at 06:03