November 3, 2017 at 3:32 pm

Hi,

I work for an outsourcing company. We are trying to introduce PowerShell Remoting and punch holes through the appliance firewalls in between different subnets.

However, there is one major requirement. That is they want to be absolutely sure that the scripts that are running on it have a signed certificate. The concern that they have is that people can use Bypass to get past that. Is there any way that we can remove that?

They will be locking down Domain admins.

Any help will be appreciated.

November 3, 2017 at 3:35 pm

What do you mean “remove that?”

Like, what's the scenario you envision someone running Set-ExecutionPolicy Bypass under? On their local machines, or while connected to a remoting endpoint?

You say “...the scripts that are running on it...” – what is “it,” specifically?

November 3, 2017 at 4:12 pm

Thanks Don for replying. Let's say they create a scheduled task to say 'powershell.exe -bypass ...' Our client's security team are saying that they don't want to turn on remoting if the bypass option. I thought about using the GPO to set it.
When I say 'it' I mean the remote endpoints. Not the local machines.

November 3, 2017 at 5:36 pm

Come to think of it... the powershell.exe -bypass is a bit of a moot point. I'll come back to them and suggest GPO. Thanks Don.

November 4, 2017 at 3:25 pm

Hi Wei-Yen,
There are lots of ways to "bypass" execution policy that do not involve using the -bypass parameter. In the end, execution policy is not there to be a security mechanism to protect you against rogue admins that will not follow the corporate policy.

Good article for reference: https://blog.netspi.com/15-ways-to-bypass-the-powershell-execution-policy/
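
An audit sketch for the scenario discussed in this thread, added here as an example and not posted by any of the participants: it shows which scope the effective execution policy comes from on an endpoint and lists scheduled tasks whose action starts PowerShell with an execution-policy override. The regular expressions and output column names are assumptions chosen for this example; run it elevated so that all tasks are visible.

```powershell
# Added example, not from the thread. Run in an elevated session on the endpoint.

# 1. Policy per scope. A policy delivered by GPO shows up as MachinePolicy
#    (or UserPolicy) and takes precedence over the Process scope, which is
#    the scope that powershell.exe -ExecutionPolicy sets.
$scopes = Get-ExecutionPolicy -List
$scopes | Format-Table Scope, ExecutionPolicy -AutoSize

$machinePolicy = $scopes | Where-Object { $_.Scope -eq 'MachinePolicy' }
if ($machinePolicy.ExecutionPolicy -eq 'Undefined') {
    Write-Warning 'No GPO execution policy: a command-line override would take effect here.'
}
"Effective policy in this session: $(Get-ExecutionPolicy)"

# 2. Scheduled tasks that launch PowerShell with an execution-policy override.
#    Assumed patterns: the host executable name, and the -ExecutionPolicy
#    parameter (or a short form of it) followed by Bypass or Unrestricted.
$hostPattern     = '(?i)(powershell|pwsh)(\.exe)?"?\s*$'
$overridePattern = '(?i)[-/](ex[a-z]*|ep)\s+(bypass|unrestricted)'

$findings = foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        # Only "exec" actions carry Execute/Arguments; other action types yield $null.
        if ($action.Execute -match $hostPattern -and
            $action.Arguments -match $overridePattern) {
            [pscustomobject]@{
                TaskPath  = $task.TaskPath
                TaskName  = $task.TaskName
                RunAs     = $task.Principal.UserId
                Arguments = $action.Arguments
            }
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    'No scheduled task with an execution-policy override found.'
}
```

As the last reply notes, execution policy is not a security boundary, so a clean result here only shows that this one override is not in use.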