
Powershell execution policy remotesigned contradiction?


Please look at the following URL: URL

Now it says the following about downloaded scripts:

"Runs scripts that are downloaded from the Internet and not signed, if the scripts are unblocked, such as by using the Unblock-File cmdlet."

I just downloaded a script from the TechNet gallery (PS2EXE) and I could run the test script that was included just fine without using the Unblock-File cmdlet. What is going on? Am I misunderstanding what Microsoft is telling me, or is this a glitch?


Solution

  • help unblock-file:

    Internally, the Unblock-File cmdlet removes the Zone.Identifier alternate data stream, which has a value of "3" to indicate that it was downloaded from the Internet.

    The idea of a file being "remote" or "coming from the internet" is data on your local computer filesystem which has to be put there by the tool that downloads the file; it's not included in the file during the download.

    If you downloaded a file through Internet Explorer, maybe Firefox, or Invoke-WebRequest, these will add it. If you download with something else, the tool might not add this alternate stream.

    See how it behaves:

    # Show folder is empty
    PS C:\temp\> Get-ChildItem
    
    
    # Make a test script which prints Hello World, and run it
    PS C:\temp\> "'Hello World'" | Set-Content -Path .\test.ps1
    PS C:\temp\> .\test.ps1
    Hello World
    
    
    # Show the file exists
    PS C:\temp\> Get-ChildItem
    
        Directory: C:\temp\
    
    Mode                LastWriteTime         Length Name
    ----                -------------         ------ ----
    -a----       01/08/2018     22:07             15 test.ps1
    
    
    # Add the Zone Identifier alternate data stream
    PS C:\temp\> "[ZoneTransfer]`nZoneId=3" | Set-Content -Path 'test.ps1' -Stream 'Zone.Identifier'
    
    
    # Show that it doesn't appear in a normal directory listing:
    PS C:\temp\> Get-ChildItem
    
        Directory: C:\temp\
    
    Mode                LastWriteTime         Length Name
    ----                -------------         ------ ----
    -a----       01/08/2018     22:08             15 test.ps1
    
    
    
    # Show how it blocks the file from running
    PS C:\temp\> .\test.ps1
    .\test.ps1 : File C:\temp\test.ps1 cannot be loaded. The file C:\temp\test.ps1 is not digitally signed. You cannot
    run this script on the current system. For more information about running scripts and setting execution policy, see
    about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170.
    At line:1 char:1
    + .\test.ps1
    + ~~~~~~~~~~
        + CategoryInfo          : SecurityError: (:) [], PSSecurityException
        + FullyQualifiedErrorId : UnauthorizedAccess
    
    
    # Show file content
    PS C:\temp\> Get-Content -Path .\test.ps1
    'Hello World'
    
    
    # Show alternate data stream content
    PS C:\temp\> Get-Content -Path .\test.ps1 -Stream 'Zone.Identifier'
    [ZoneTransfer]
    ZoneId=3
    
    
    # Unblock-File removes this alternate stream
    PS C:\temp\> Unblock-File .\test.ps1
    
    
    # Script runs again
    PS C:\temp\> .\test.ps1
    Hello World
    

    So the main question is, if you run Get-Content file.ps1:Zone.Identifier and see the ZoneId is 3 and can still run the script, and Get-ExecutionPolicy is RemoteSigned, then you have something odd going on.

    But my guess is the download tool did not add this data, so the file looks just like a locally created one.

    NB. RemoteSigned is not intended to be a security feature, it's intended to be a "help guard against accidentally running scripts before reading them and deliberately choosing to run them" check, like an "are you sure?" box, not like a password prompt.
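As an added example that is not part of the original answer: a PowerShell function that audits a folder of scripts for the Zone.Identifier stream the answer describes and reports which ones the current execution policy would refuse to run. The function name and output fields are my own; it assumes Windows with NTFS (alternate data streams) and Windows PowerShell 3 or later.

```powershell
# Added example, not from the original answer. Audits *.ps1 files for the
# Zone.Identifier mark-of-the-web and reports what the execution policy would do.
function Get-ScriptZoneStatus {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Path
    )

    # Effective policy for this session (never "Undefined" without -List).
    $policy = Get-ExecutionPolicy

    Get-ChildItem -Path $Path -Filter '*.ps1' -File | ForEach-Object {
        $file = $_

        # Read the alternate data stream; a missing stream means the file
        # looks locally created, exactly the case described in the answer.
        $zoneId = $null
        $ads = Get-Content -Path $file.FullName -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
        foreach ($line in @($ads)) {
            if ($line -match '^ZoneId=(\d+)') { $zoneId = [int]$Matches[1]; break }
        }

        # URLZONE values: 3 = Internet, 4 = Untrusted. Both are treated as remote here.
        $isRemote = ($null -ne $zoneId) -and ($zoneId -ge 3)

        # Authenticode status of the script itself.
        $sig = Get-AuthenticodeSignature -FilePath $file.FullName
        $isSigned = $sig.Status -eq 'Valid'

        # RemoteSigned blocks only files that are remote AND not validly signed;
        # AllSigned blocks every unsigned file; Unrestricted/Bypass block nothing.
        $blocked = switch ("$policy") {
            'Restricted'   { $true }
            'AllSigned'    { -not $isSigned }
            'RemoteSigned' { $isRemote -and -not $isSigned }
            default        { $false }
        }

        [pscustomobject]@{
            Name            = $file.Name
            ZoneId          = $zoneId
            IsRemote        = $isRemote
            SignatureStatus = $sig.Status
            ExecutionPolicy = "$policy"
            WouldBeBlocked  = $blocked
        }
    }
}

# Usage: Get-ScriptZoneStatus -Path C:\temp | Format-Table -AutoSize
```

Run it against the C:\temp folder from the transcript above: test.ps1 shows WouldBeBlocked = True while the Zone.Identifier stream is present and False after Unblock-File removes it.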