Execution Policy Confusion

This topic contains 1 reply, has 2 voices, and was last updated by  Don Jones 1 year ago.

  • Author
  • #52736

    Scott Kroeger

    I installed Posh-SSH external module in order to script some SFTP uploads. When I have my execution policy set to AllSigned the commands in this module will not run. The error says to run 'Import-Module Posh-SSH'. When I do this it gives me errors about various files not being signed. If I change my execution policy to RemoteSigned everything works just fine.

    The module was downloaded from the internet and thus I would think everything in it would be considered remote. Thus I am confused as to why it won't run under the AllSigned execution policy. If it runs under RemoteSigned then it is digitally signed so why won't it run under Allsigned?

    PS C:\Windows\system32> New-SFTPSession -ComputerName $FTPServer -Credential $cred
    New-SFTPSession : The 'New-SFTPSession' command was found in the module 'Posh-SSH', but the module could not be loaded. For more information, run 'Import-Module 
    At line:1 char:1
    + New-SFTPSession -ComputerName $FTPServer -Credential $cred
    + ~~~~~~~~~~~~~~~
        + CategoryInfo          : ObjectNotFound: (New-SFTPSession:String) [], CommandNotFoundException
        + FullyQualifiedErrorId : CouldNotAutoloadMatchingModule
    PS C:\Windows\system32> Set-ExecutionPolicy RemoteSigned
    PS C:\Windows\system32> New-SFTPSession -ComputerName $FTPServer -Credential $cred
    SessionId  Host                                                                               Connected                                                                  
    ---------  ----                                                                               ---------                                                                  
        0      vault.ftpserver...                                                                   True   
    PS C:\Windows\system32> $PSVersionTable
    Name                           Value                                                                                                                                     
    ----                           -----                                                                                                                                     
    PSVersion                      5.0.10586.117                                                                                                                             
    PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}                                                                                                                   
    BuildVersion                   10.0.10586.117                                                                                                                            
    CLRVersion                     4.0.30319.42000                                                                                                                           
    WSManStackVersion              3.0                                                                                                                                       
    PSRemotingProtocolVersion      2.3                                                                                                                                       
  • #52741

    Don Jones

    Under AllSigned, the module must be signed. Period. Regardless of origin.

    RemoteSigned requires that only "remote" scripts be signed. Because you downloaded the module, it now lives locally, and is not "remote." Only certain download mechanisms would preserve the "remote" flag in downloaded content.

    So it is not, in fact, digitally signed, which you can verify by opening the module's .psm1 file and looking at the bottom. There won't be a bunch of gibberish, which is the cryptographic signature.

You must be logged in to reply to this topic.