If you want to run a PowerShell script from outside PowerShell, for example from within a batch file, you probably know that you need to prepend powershell.exe to the script path. But that is not enough. Always add these three parameters to launch your script safely:
Powershell.exe –noprofile –executionpolicy bypass –file "pathtoscript.ps1"
-noprofile makes sure that your script runs in a default PowerShell environment and does not load any profile scripts. That does not only speed up script launch, it also prevents profile scripts from changing the environment. After all, you don’t want anyone to change “dir” to “del” before your script runs.
The -noprofile option is a good idea. The assumption is that your script does any configuration required such as importing modules. The -bypass means that the person running the script has taken other measures to ensure the integrity of the script. If your script is modified without your knowledge, PowerShell won't do anything about it. So I hope it goes without saying to protect scripts you run like this. Or even better, use an all signed policy and sign your scripts.
ReplyDelete