2

I've found several questions about how to suppress warnings like this:

Security Warning
Run only scripts that you trust. While scripts from the Internet can be useful, this script can potentially harm your computer. Do you want to run .\myscript.ps1?
[D] Do not run [R] Run once [S] Suspend [?] Help (default is "D"):

But I have the reverse problem. It has mysteriously disappeared, and I want it back. I don't have full control over the machine, so it's possible something got changed without my knowing. My Execution Policy is currently set to Restricted, but I see no warning when running `powershell -ExecutionPolicy Unrestricted -File .\myscript.ps1`, even though I had seen it regularly before.

Why do I want it back?

The machine in question is a test machine provided by a client. Further up the chain (in the staging and production environments), I expect this warning to show up, so I want my test machine to be configured so that I get it there as well. Well, normally, at least. My work will generally just require answering yes or suppressing it, but for testing purposes, I want the test machine as much like the stage and production machines as possible.

I'd at least like to know what changed so I can find out if it would affect staging and production, so any suggestions about what that might be would help.

jpmc26
  • Did you copy this PS1 file from another computer or network? If so, does the file still carry its alternate data stream? In PSv3 see `Test-AlternateDataStream`. Test with a "new" copy. – jscott Jul 23 '13 at 01:33
  • The script in question comes from a ZIP file that definitely came from another location. (I downloaded the ZIP file from an FTP site my company owns... using WinSCP because nothing else can get outside the network.) Unfortunately, this server is on PowerShell v2. I tried copying a plain ps1 file with a few `Write-Host`s from my local machine over Remote Desktop just now, and it didn't generate a warning, either. Is there another way I can check the alternate data stream? Thanks for the help. – jpmc26 Jul 23 '13 at 01:38
  • Download a new copy of the zip. Right-click it and select "Properties". Is there an "Unblock" button? – jscott Jul 23 '13 at 01:40
  • No. None on the script itself if I unzip it, either. I can't recall if there ever was. I may have checked a long time ago when I first started seeing the warning to begin with, but as much as I want to say there wasn't, I'm not totally sure. – jpmc26 Jul 23 '13 at 01:50

1 Answer

4

@Jscott has it right that this is the Zone.Identifier alternate NTFS data stream, coupled with PowerShell's execution policy, that causes this message. These are the only two things that come together to cause this message to happen.

"I don't have full control over the machine, so it's possible something got changed without my knowing."

A machine has several different PowerShell execution policies. By default, if you just type `Get-ExecutionPolicy`, only the current user's execution policy is shown.

PS C:\users\ryan> Get-ExecutionPolicy -List

Scope               ExecutionPolicy
-----               ---------------
MachinePolicy       Undefined
UserPolicy          Undefined
Process             Undefined
CurrentUser         Undefined  
LocalMachine        Unrestricted

By doing `Set-ExecutionPolicy Unrestricted -Scope LocalMachine`, you change the execution policy for all users of that machine. I don't see you make that distinction in your post, so I figure you might not realize that.

If you don't have admin rights to the machine, you will not be able to change the LocalMachine execution policy.

The other half of the story is the Zone.Identifier alternate stream. If the files do not have this alternate data stream, you will not see this message.

You mention that you download these scripts via WinSCP. For a file downloaded from a network location to contain this alternate data stream, it must have been downloaded by a Zone.Identifier ADS-compatible application, such as a modern web browser, or Windows Explorer. WinSCP is not one of those applications.

That's why NTFS alternate data streams are not what I would consider to be very widely used - because it is very easy to lose the alternate data stream if the file is not transferred in just the right way. Though they can be quite useful for storing metadata.

So let's fix your problem now. Why not just rebuild the alternate data stream on the script so that PowerShell once again thinks that you downloaded this thing from the internet? The fact that you are missing that ADS is why you are not seeing a security warning or an unblock button.

To view the ADS (and confirm that nothing is there, that it's blank):

C:\> more < script.ps1:Zone.Identifier:$DATA

To overwrite it:

C:\> echo [ZoneTransfer] > script.ps1:Zone.Identifier:$DATA

And add the second line:

C:\> echo ZoneId=3 >> script.ps1:Zone.Identifier:$DATA

So the entire ADS should look like this when you type:

C:\>more < script.ps1:Zone.Identifier:$DATA
[ZoneTransfer]
ZoneId=3

Windows and PowerShell now once again will think that you downloaded this file from the internet.

Edit: Oh and I want to warn you about one last thing. These "ZoneId"s... they correspond to the Security Zones (Intranet, Trusted Sites, Internet, etc.) that are configurable in Internet Explorer. So if an administrator made some heavy modifications to those IE security zones, that can also have an effect on what Windows sees as a "potentially harmful" file.

Ryan Ries
  • Thank you for the very detailed answer. I do have admin rights on the machine; I'm just not one of the network admins (I'm a developer.) and there are others who have admin rights. I'll look into all these shortly. At the very least, I've learned a lot from this answer. =) – jpmc26 Jul 23 '13 at 18:50
  • I apologize for the lack of accept/response. I ended up finding out about `-ExecutionPolicy Bypass`, which never shows this warning regardless. I haven't had a chance to test your answer, but I haven't forgotten. – jpmc26 Jan 10 '14 at 23:04
  • @jpmc26 Awesome. I love that I way overthought this and that you showed a much simpler answer. One of my favorite things about SF is that even my answers can end up teaching me something. :) – Ryan Ries Jan 11 '14 at 01:08
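
Added example, not part of the original answer or comments: a PowerShell script for comparing a test machine with staging, reporting the per-scope execution policies and the `Zone.Identifier` mark on each script in a folder, with a helper that re-applies the mark the way the answer does with `echo`. It assumes PowerShell 3.0 or later on an NTFS volume (the `-Stream` parameter is not available on the v2 server in the question); `Get-ZoneMark` and `Set-ZoneMark` are hypothetical helper names.

```powershell
# Added example. Assumes PowerShell 3.0+ and NTFS; helper names are hypothetical.

function Get-ZoneMark {
    # Returns the ZoneId stored in the file's Zone.Identifier stream,
    # or $null when the stream is missing (e.g. lost during transfer).
    param([Parameter(Mandatory = $true)][string]$Path)

    $lines = Get-Content -Path $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    foreach ($line in $lines) {
        if ($line -match '^\s*ZoneId\s*=\s*(\d+)\s*$') {
            return [int]$Matches[1]
        }
    }
    return $null
}

function Set-ZoneMark {
    # Writes the same two lines the answer builds with echo.
    # ZoneId 3 is the value the answer uses to mark a file as downloaded from the Internet.
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [int]$ZoneId = 3
    )

    Set-Content -Path $Path -Stream Zone.Identifier -Value '[ZoneTransfer]', "ZoneId=$ZoneId"
}

# 1. Execution policy per scope, as in the answer's listing.
Get-ExecutionPolicy -List | Format-Table -AutoSize

# 2. Zone mark on every script in the current directory.
#    An empty ZoneId column means the stream is absent, so no warning will appear.
Get-ChildItem -Filter *.ps1 | ForEach-Object {
    New-Object psobject -Property @{
        Script = $_.Name
        ZoneId = Get-ZoneMark -Path $_.FullName
    }
} | Format-Table Script, ZoneId -AutoSize

# 3. To restore the mark on one script (uncomment to apply):
# Set-ZoneMark -Path .\myscript.ps1
```

Running the report on the test machine and on staging shows which of the two ingredients differs; `Unblock-File` removes the stream again.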