Execution Policy Confusion

This topic contains 1 reply, has 2 voices, and was last updated by Profile photo of Don Jones Don Jones 4 weeks ago.

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #52736
    Profile photo of Scott Kroeger
    Scott Kroeger
    Participant

    I installed Posh-SSH external module in order to script some SFTP uploads. When I have my execution policy set to AllSigned the commands in this module will not run. The error says to run 'Import-Module Posh-SSH'. When I do this it gives me errors about various files not being signed. If I change my execution policy to RemoteSigned everything works just fine.

    The module was downloaded from the internet and thus I would think everything in it would be considered remote. Thus I am confused as to why it won't run under the AllSigned execution policy. If it runs under RemoteSigned then it is digitally signed so why won't it run under Allsigned?

    PS C:\Windows\system32> New-SFTPSession -ComputerName $FTPServer -Credential $cred
    New-SFTPSession : The 'New-SFTPSession' command was found in the module 'Posh-SSH', but the module could not be loaded. For more information, run 'Import-Module 
    Posh-SSH'.
    At line:1 char:1
    + New-SFTPSession -ComputerName $FTPServer -Credential $cred
    + ~~~~~~~~~~~~~~~
        + CategoryInfo          : ObjectNotFound: (New-SFTPSession:String) [], CommandNotFoundException
        + FullyQualifiedErrorId : CouldNotAutoloadMatchingModule
     
    
    PS C:\Windows\system32> Set-ExecutionPolicy RemoteSigned
    
    PS C:\Windows\system32> New-SFTPSession -ComputerName $FTPServer -Credential $cred
    
    SessionId  Host                                                                               Connected                                                                  
    ---------  ----                                                                               ---------                                                                  
        0      vault.ftpserver...                                                                   True   
    
    PS C:\Windows\system32> $PSVersionTable
    
    Name                           Value                                                                                                                                     
    ----                           -----                                                                                                                                     
    PSVersion                      5.0.10586.117                                                                                                                             
    PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}                                                                                                                   
    BuildVersion                   10.0.10586.117                                                                                                                            
    CLRVersion                     4.0.30319.42000                                                                                                                           
    WSManStackVersion              3.0                                                                                                                                       
    PSRemotingProtocolVersion      2.3                                                                                                                                       
    SerializationVersion           1.1.0.1                         
    
    #52741
    Profile photo of Don Jones
    Don Jones
    Keymaster

    Under AllSigned, the module must be signed. Period. Regardless of origin.

    RemoteSigned requires that only "remote" scripts be signed. Because you downloaded the module, it now lives locally, and is not "remote." Only certain download mechanisms would preserve the "remote" flag in downloaded content.

    So it is not, in fact, digitally signed, which you can verify by opening the module's .psm1 file and looking at the bottom. There won't be a bunch of gibberish, which is the cryptographic signature.

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.