为 CurrentUser 将 ExecutionPolicy 设置为 Unrestricted 是否构成安全漏洞? [英] Is setting ExecutionPolicy to Unrestricted for CurrentUser a security breach?

问题描述

我喜欢在 Windows 10 上的 PowerShell 中使用几个别名.

I have a couple of aliases I like to have in my PowerShell on my Windows 10.

我希望它们在会话之间保持不变，因此我将它们放在 C:\Users{username}\Documents\WindowsPowerShell 下的 profile.ps1 文件中.

I want them to persist between sessions, so I have put them in a profile.ps1 file under C:\Users{username}\Documents\WindowsPowerShell.

我收到一个烦人的无法加载，因为在此系统上禁用了运行脚本."错误消息，并找到了有关如何摆脱它的页面:https://social.technet.microsoft.com/Forums/en-US/3e4a9006-d47d-4e19-96f4-10327ae0c5b1/not-able-to-run-script-in-windows-10?forum=winserverpowershell

I am getting this annoying "cannot be loaded because running scripts is disabled on this system." error message, and have found this page on how to get rid of it: https://social.technet.microsoft.com/Forums/en-US/3e4a9006-d47d-4e19-96f4-10327ae0c5b1/not-able-to-run-script-in-windows-10?forum=winserverpowershell

在这里有人说这条线会有所帮助:

In here someone says that this line will help:

Set-ExecutionPolicy Unrestricted -Scope CurrentUser -Force -Verbose

但是将执行策略设置为对我的用户不受限制是否危险?

But is it hazardous to just set the execution policy to unrestricted for my user?

推荐答案

ExecutionPolicy 不是安全边界.正如有人在评论中的其他地方所说，这是一项安全功能.认为安全带不是门锁.但是安全带可以降低风险，因此使用它们总比不使用要好.ExecutionPolicy 降低了无意运行恶意代码的风险.通常推荐的最低策略是 RemoteSigned.

ExecutionPolicy is not a security boundary. As someone opined elsewhere in a comment, it is a safety feature. Think seat belt not door lock. But seat belts mitigate risk so it's better to use them than not. ExecutionPolicy mitigates the risk of unintentionally running malicious code. The generally recommended minimum policy is RemoteSigned.

这篇关于为 CurrentUser 将 ExecutionPolicy 设置为 Unrestricted 是否构成安全漏洞?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！