How to Configure Windows to Work with PowerShell Scripts More Easily

Mar 4
08:23

2015

Rossy Guide

Rossy Guide

  • Share this article on Facebook
  • Share this article on Twitter
  • Share this article on Linkedin

Windows and PowerShell have built-in security features and default configurations intended to prevent end-users from accidentally launching scripts in the course of their daily activities.

mediaimage

How and why Windows & PowerShell prevent script execution:

A PowerShell script can pretty much be configured to do anything you could do manually from the command line. If you could just double-click a PowerShell script and run it with full Administrator privileges.

Get-ChildItem "$env:SystemDrive" -Recurse -ErrorAction SilentlyContinue | Remove-Item -Force -Recurse -ErrorAction SilentlyContinue

DO NOT run the above command!

That simply goes through the file system and deletes whatever it can.

But now,How to Configure Windows to Work with PowerShell Scripts More Easily Articles we can use to either disable or work around a few road blocks:

  • PowerShell does not allow external script execution by default
  • PowerShell is not associated to the .PS1 file extension by default
  • Some PowerShell scripts won’t work without Administrator permissions

 

Changing the .PS1 file association:

You could change the .PS1 file association to whatever program you want with the Default Programs control panel, but digging directly into the Registry will give you a bit more control over exactly how the files will be opened.

The registry settings controlling how PowerShell scripts are opened and stored in the following location:

HKEY_CLASSES_ROOTMicrosoft.PowerShellScript.1Shell

The Shell key should just have one value, “(Default)”, which is set to “Open”. This is a pointer to the default action for double-clicking the file, which we’ll see in the sub-keys.

Each of these represents an action you can perform which is specific to PowerShell scripts.

  • 0: Run with PowerShell.
  • Edit: Open in PowerShell ISE.
  • Open: Open in Notepad.

You’ll want to configure a PSDrive for HKEY_CLASSES_ROOT since this isn’t set up by default.

New-PSDrive HKCR Registry HKEY_CLASSES_ROOT

To configure double-clicking to launch PowerShell scripts directly:

Set-ItemProperty HKCR:Microsoft.PowerShellScript.1Shell '(Default)' 0

To configure double-clicking to open PowerShell scripts in the PowerShell ISE:

Set-ItemProperty HKCR:Microsoft.PowerShellScript.1Shell '(Default)' 'Edit'

To restore the default value:

Set-ItemProperty HKCR:Microsoft.PowerShellScript.1Shell '(Default)' 'Open'

Changing the PowerShell ExecutionPolicy setting:

There are multiple options for this, and a couple different ways it can be set.

  • Restricted
  • AllSigned
  • RemoteSigned
  • Unrestricted
  • Bypass
  • Undefined

To set the CurrentUser and LocalMachine policies as in the screenshot above, run the following commands.

Set-ExecutionPolicy Restricted

Set-ExecutionPolicy Unrestricted -Scope CurrentUser

To enforce the RemoteSigned policy on scripts run from Explorer.

Get-ItemProperty HKCR:Microsoft.PowerShellScript.1ShellCommand | Select-Object '(Default)'

Your default configuration will probably be one of the following two strings.

(Seen on Windows 7 SP1 x64, with PowerShell 2.0)

"C:WindowsSystem32WindowsPowerShellv1.0powershell.exe" "-file" "%1"

(Seen on Windows 8.1 x64, with PowerShell 4.0)

"C:WindowsSystem32WindowsPowerShellv1.0powershell.exe" "-Command" "if((Get-ExecutionPolicy ) -ne 'AllSigned') { Set-ExecutionPolicy -Scope Process Bypass }; & '%1”

To set the Process-level ExecutionPolicy for scripts launched from Explorer.

"C:WindowsSystem32WindowsPowerShellv1.0powershell.exe" "-ExecutionPolicy" "RemoteSigned" "-file" "%1"

Set-ItemProperty HKCR:Microsoft.PowerShellScript.1ShellCommand '(Default)' '"C:WindowsSystem32WindowsPowerShellv1.0powershell.exe" "-ExecutionPolicy" "RemoteSigned" "-file" "%1"'

Run PowerShell scripts as Administrator:

The UAC prompt into the default action for PowerShell scripts is not recommended.

So, we can add a new context menu option to allow us to easily run scripts in elevated sessions when we need to.

HKEY_CLASSES_ROOTMicrosoft.PowerShellScript.1Shell

In there, create a new sub-key. Call it “Run with PowerShell (Admin)”. Underneath that, create another sub-key called “Command”. Then, set the “(Default)” value.

"C:WindowsSystem32WindowsPowerShellv1.0powershell.exe" "-Command" ""& {Start-Process PowerShell.exe -ArgumentList '-ExecutionPolicy RemoteSigned -File "%1"' -Verb RunAs}"

A new context-menu entry for PowerShell scripts, called “Run with PowerShell (Admin)”.

The new option will spawn two consecutive PowerShell instances. The first is just a launcher for the second, which uses Start-Process with the “-Verb RunAs” parameter to request elevation for the new session. From there, your script should be able to run with Administrator privileges after you click through the UAC prompt.