Execution Policy Confusion

Welcome Forums General PowerShell Q&A Execution Policy Confusion

Viewing 1 reply thread
  • Author
    Posts
    • #52736
      Participant
      Topics: 1
      Replies: 0
      Points: 0
      Rank: Member

      I installed Posh-SSH external module in order to script some SFTP uploads. When I have my execution policy set to AllSigned the commands in this module will not run. The error says to run 'Import-Module Posh-SSH'. When I do this it gives me errors about various files not being signed. If I change my execution policy to RemoteSigned everything works just fine.

      The module was downloaded from the internet and thus I would think everything in it would be considered remote. Thus I am confused as to why it won't run under the AllSigned execution policy. If it runs under RemoteSigned then it is digitally signed so why won't it run under Allsigned?

      PS C:\Windows\system32> New-SFTPSession -ComputerName $FTPServer -Credential $cred
      New-SFTPSession : The 'New-SFTPSession' command was found in the module 'Posh-SSH', but the module could not be loaded. For more information, run 'Import-Module 
      Posh-SSH'.
      At line:1 char:1
      + New-SFTPSession -ComputerName $FTPServer -Credential $cred
      + ~~~~~~~~~~~~~~~
          + CategoryInfo          : ObjectNotFound: (New-SFTPSession:String) [], CommandNotFoundException
          + FullyQualifiedErrorId : CouldNotAutoloadMatchingModule
       
      
      PS C:\Windows\system32> Set-ExecutionPolicy RemoteSigned
      
      PS C:\Windows\system32> New-SFTPSession -ComputerName $FTPServer -Credential $cred
      
      SessionId  Host                                                                               Connected                                                                  
      ---------  ----                                                                               ---------                                                                  
          0      vault.ftpserver...                                                                   True   
      
      PS C:\Windows\system32> $PSVersionTable
      
      Name                           Value                                                                                                                                     
      ----                           -----                                                                                                                                     
      PSVersion                      5.0.10586.117                                                                                                                             
      PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}                                                                                                                   
      BuildVersion                   10.0.10586.117                                                                                                                            
      CLRVersion                     4.0.30319.42000                                                                                                                           
      WSManStackVersion              3.0                                                                                                                                       
      PSRemotingProtocolVersion      2.3                                                                                                                                       
      SerializationVersion           1.1.0.1                         
      
    • #52741
      Keymaster
      Topics: 13
      Replies: 4872
      Points: 1,844
      Helping HandTeam Member
      Rank: Community Hero

      Under AllSigned, the module must be signed. Period. Regardless of origin.

      RemoteSigned requires that only "remote" scripts be signed. Because you downloaded the module, it now lives locally, and is not "remote." Only certain download mechanisms would preserve the "remote" flag in downloaded content.

      So it is not, in fact, digitally signed, which you can verify by opening the module's .psm1 file and looking at the bottom. There won't be a bunch of gibberish, which is the cryptographic signature.

Viewing 1 reply thread
  • The topic ‘Execution Policy Confusion’ is closed to new replies.