0

I am downloading a script from azure blob storage and executing afterwards in powershell script. its get's downloaded and executed regardless of the policy set on my machine. At the moment, my machine policy is being set as "RemoteSigned"

In code side, I configured InitialSessionState's executionPolicy property as RemoteSigned.

    var iss = InitialSessionState.CreateDefault();
    iss.ExecutionPolicy = ExecutionPolicy.RemoteSigned;
    var runSpace = RunspaceFactory.CreateRunspace(iss);
    runSpace.Open();    
    PowerShellInstance = PowerShell.Create();               
    PowerShellInstance.Runspace = runSpace; 
    var output = PowerShellInstance.Invoke();

It just executes the script

and script is 

   $Urls = @()
   $Urls += "https://.............ps1"

   $OutPath = "C:\Temp\"

   ForEach ( $item in $Urls) {
       $file = $OutPath +  ($item).split('/')[-1]
       (New-Object System.Net.WebClient).DownloadFile($item, $file)
   }

   cd "C:\Temp\"
   .\.ps1

According to my knowledge of Execution policy it must never execute until and unless it contains a signed certificate or signature. But it still executes. Can any body let me know why?

Usman
  • 2,742
  • 4
  • 44
  • 82
  • Is the ADS [Zone identifier](https://stackoverflow.com/a/4496754) present? [RemoteSigned](https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_execution_policies?view=powershell-6) relies on that to decide wether script is runnable or if it isn't. – vonPryz Jul 19 '18 at 11:20
  • How it can be checked? Currently I used Get-Item -Path C:\Temp -stream * | where {$_.Stream -eq "Zone.Identifier" } and it shown me no files at all. This means Zone Identifier was not being present in that downloaded file at all.I don't know what could be the reason. – Usman Jul 19 '18 at 16:19

1 Answers1

0

Check the zone identifier with Get-Content $ScriptPath -Stream zone.identifier. If the stream doesn't exist then the script will run even with the RemoteSigned setting.

Nick Cox
  • 6,164
  • 2
  • 24
  • 30