Powershell 101

Posted by in Projects on Mar 8th, 2011, 6:00 pm | 5 comments

Well, I definitely got my hands wet with running Windows PowerShell scripts today.  I ran into a number of issues in the process, so I better make note of the solutions for next time around.

First off, PowerShell is Windows’ task automation framework.  Good for running scripts on windows machines.  As far as I can tell, you can run PowerShell in the command prompt with the command call PowerShell.exe: C:\Scripts>PowerShell.exe. Or, you can open the Start Menu and start typing PowerShell and open Windows PowerShell.

Now, you have a script and want to run it right? Pretty easy right? Not for me. I had to jump through some serious hoops here… so I tried typing Suspend.ps1. No dice. I’d get an error saying the command isn’t recognized. Through some bing magic I found that you need to include the complete file path: C:\Scripts\Suspend.ps1

Or, if you are currently in the specified folder you can use the .\ notation: .\Suspend.ps1

It’s better to use the full notation, to prevent it from finding a file of the same name in your current Windows path (it looks through the entire path, not just your current directory). FYI – you can see your current path with this command:
$a = $env:path; $a.Split(";")

Anyways, once I figured out how to actually make the call from the command prompt, I kept getting this weird signing error:

File C:\Scripts\Suspend.ps1 cannot be loaded because the execution of scripts is disabled on this system. Please see "get-
help about_signing" for more details.
At line:1 char:19
+ C:\Scripts\Suspend.ps1 <<<<

This is where it got tricky. I searched around for a bit and found that by default, windows machines are set to restrict you from running scripts. To see your execution policy try using the command Get-ExecutionPolicy. If you’ve never messed with this before, it’ll probably say Restricted, like mine did. Now, the simple fix to change this is to use the following command call: Set-ExecutionPolicy RemoteSigned. If this works for you, congratulations! You’re good to good. For me… it didn’t. I got some weird error that looked like the following:

Set-ExecutionPolicy : Access to the registry key ‘HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell’ is denied.
At line:1 char:20
+ Set-ExecutionPolicy <<<< RemoteSigned

Is this familiar to you? Hopefully not, but it if is. There’s a solution.

To fix this and add the RemoteSigned execution policy by hand you’ll need to work a little Windows registry magic.

  • Open registry by opening the start menu and typing regedit into the search box
  • Browse to key HKLM\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell
  • If “ExecutionPolicy” does not exist, create it as REG_SZ with value “RemoteSigned”
  • Open PowerShell and use the command “Get-ExecutionPolicy” to verify it is set correctly

Now, you should be all set. Go back to the command prompt or PowerShell window and run your command. This time when I ran C:\Scripts\Suspend.ps1 it was beautiful.

If you have any other issues send me an email or leave a comment, I may have struggled with it too.

Useful pages for troubleshooting:
http://technet.microsoft.com/en-us/library/ee176949.aspx
http://bartvdw.wordpress.com/2008/04/22/powershell-executionpolicy/#comment-190

5 Responses to “ “Powershell 101”

  1. Luke Bennett says:
    May 25, 2011 at 9:23 am

    There’s a simpler solution to this problem – the reason you get that error is because you’re not running Powershell with sufficient privileges. Run the command prompt or Powershell ISE as an Administrator (by right-clicking the relevant icon and selecting “Run as administrator”) and then you should be able to set the execution policy without having to go to the registry manually.

    Reply
  2. Kyle says:
    May 25, 2011 at 11:48 am

    Luke I believe you’re right. I discovered the solution above before I stumbled across the simple solution to “Run as Administrator”. It was a valuable learning experience if nothing else.

    Reply
  3. Jacob says:
    March 15, 2012 at 11:29 am

    Not quite right. This error still happens despite running under the elevated security context.

    Reply
    • Kyle says:
      March 15, 2012 at 12:25 pm

      Did you try adding a policy to the windows registry? Luke’s comment above says to ‘Run as Administrator’, however in my case I didn’t do that. I added a policy to the registry (before even trying run as admin), and that gave me the security permissions I needed.

      Reply
  4. Tom M says:
    March 9, 2013 at 8:24 am

    After 4 years in Limbo, I’m finally learning PowerShell!
    I played with testing permissions – what I can and cannot do. I found that even when I use “Run As Administrator” I do not have permission to run scripts against my remote servers.
    If I use “runas /u: powershell.exe”, I can run remotely, but do not have UAC elevation locally.
    The reason for this is that my standard user account has local admin rights on my workstation. When I “Run As Administrator”, I am not prompted for admin credentials, so I continue to authenticate with my standard user account … No permission on my servers.
    The solution to this – and also to help block malware – was to remove my user account from the local Administrators group. Now when I “Run As Administrator”, I am prompted for credentials and can enter a domain admin account. I now authenticate locally and remotely under the context of this user.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>