3

I have a batch file that calls powershell script and runs it. 

Powershell.exe -ExecutionPolicy RemoteSigned -File %1

%1 argument is the file_name.ps1

When i run it from my local drive, the script runs fine.

however, I moved the scripts to run on a shared drive, and when i try running it from there, it gives this kind of prompt before proceeding:

Unblock_file prompt

The problem with this is autosys has to bypass this prompt, otherwise its giving error.

But why is this even an issue in the shared drive when if i run the script on local drive it doesn't prompt this? and what should i do to resolve it?

I tried passing in the Unblock-File -Path some_path in powershell but its apparently not recognized cmdlet.

Cataster
  • 3,081
  • 5
  • 32
  • 79
  • 2
    Sounds like the trusted zones have not been setup correctly so it's seeing the FQDN of your mapped drive (`server.domain.local`) as a non-trusted remote path rather then a trusted local domain path. – henrycarteruk Sep 26 '18 at 16:11
  • @JamesC. trusted zones...? hmm, our ID is already added as part of the network drive though... – Cataster Sep 26 '18 at 16:24
  • What ZoneId is returned by `Get-Content N:\process.ps1 -Stream Zone.Identifier` (check/update file path) – henrycarteruk Sep 26 '18 at 16:29
  • @JamesC. i am getting error running that command: Get-Content : Could not open the alternate data stream 'Zone.Identifier' of the file – Cataster Sep 26 '18 at 17:00
  • @JamesC. ok i dont know why, but i tried running this command through CMD, and it says "The system cannot find the file specified."?? more < Process.ps1:Zone.Identifier. why is Zone identification not working for me?? I tried it in both my local drive and the share drive... – Cataster Sep 26 '18 at 18:01
  • If it's in an unrecognized zone, that will flag it. The fact that at one point you had a copy of it locally is irrelevant. The system wouldn't even have any way of knowing that it was once on your local system. – as9876 Jun 16 '21 at 17:11
  • 1
    As far as why Unblock-File doesn't work, I had the same issue. It' may be a bug. The error message should really say something like, "The script is in an unsafe zone/location. Either move the file to a trusted location or change the status of the current zone. No, Unblock-File will not help you. Alternatively, run with ByPass." – as9876 Jun 16 '21 at 17:13
  • @as9876 agreed, part of tech revolutions that I wish is addressed with AI is improving on error messages to be more explicit – Cataster Jun 16 '21 at 17:21

1 Answers1

2

Ok, so after being unable to load the zone identification for the file, I tried ByPass policy instead as follows:

Powershell.exe -ExecutionPolicy ByPass -File %1

THAT made it work....instead of RemoteSigned/Unrestricted...

Based on MSDN article here: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_execution_policies?view=powershell-6

RemoteSigned: Scripts can run.

Requires a digital signature from a trusted publisher on scripts and configuration files that are downloaded from the Internet (including e-mail and instant messaging programs).

Does not require digital signatures on scripts that you have written on the local computer (not downloaded from the Internet).

Runs scripts that are downloaded from the Internet and not signed, if the scripts are unblocked, such as by using the Unblock-File cmdlet.

Unrestricted: Unsigned scripts can run. (This risks running malicious scripts.)

Warns the user before running scripts and configuration files that are downloaded from the Internet.

but my script was copied locally there from one drive to another, its not downloaded from the internet...and in the file properties, there was no "Unblock" button, and Unblock cmdlet wouldnt work for me anyways.

So to avoid the warning, the only thing that worked is ByPass

Bypass: Nothing is blocked and there are no warnings or prompts.

Cataster
  • 3,081
  • 5
  • 32
  • 79