PowerShell has obviously been designed with much more security in mind than VBScript or cmd.exe:
- By default .ps1 script files are associated with Notepad. Double-clicking a script does not start it.
- To reference a script in PowerShell you have to specify file path, so even if a script is called dir will not start it. The shortest way to reference it is
- And finally, execution policies by default won’t allow you to run any scripts at all. You can relax the limitation a bit by allowing scripts signed by trusted authorities to run.
(Anything else I am missing?)
There are a few things I personally would like to see added in the next releases:
- Make execution policies more granular to specify that scripts need to be signed by a specific certificate (the one my company’s IT is using) and not just any trusted one.
- Add built-in protection against code injection. Right now each script creator needs to handle that him-/herself. Once the protection is in the platform everything is going to be much more secure!
- Fix the ability to retrieve the clear-text password from the credentials prompt (issue found by Martin):
PS C:\> $creds = get-credential
PS C:\> $creds.GetNetworkCredential()
(Anything else? Comments are welcome!)
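Until execution policies can pin a specific signer (the first wish in the list above), a wrapper can approximate it by checking the signer's thumbprint before running a script. This is an added example, not code from the original post; the function names and the thumbprint value are assumptions made for illustration.

```powershell
# Added example. Hypothetical names: Test-PinnedSignature, Invoke-PinnedScript,
# $AllowedThumbprints. The thumbprint below is a constructed placeholder.
$AllowedThumbprints = @(
    '0000000000000000000000000000000000000000'   # placeholder: your IT signing cert
)

function Test-PinnedSignature {
    param(
        [string]   $Path,
        [string[]] $Thumbprints
    )
    $sig = Get-AuthenticodeSignature -FilePath $Path

    # 'Valid' means the file hash matches the signature and the chain is trusted.
    # Anything else (NotSigned, HashMismatch, NotTrusted, ...) is rejected.
    if ($sig.Status -ne 'Valid') { return $false }
    if ($sig.SignerCertificate -eq $null) { return $false }

    # A trusted chain is not enough: the signer itself must be on the pinned list.
    return ($Thumbprints -contains $sig.SignerCertificate.Thumbprint)
}

function Invoke-PinnedScript {
    param(
        [string]   $Path,
        [string[]] $Thumbprints = $AllowedThumbprints
    )
    # Resolve to a full path so the file checked is the file that gets run.
    $full = (Resolve-Path $Path).Path

    if (-not (Test-PinnedSignature -Path $full -Thumbprints $Thumbprints)) {
        throw "Refusing to run '$full': not signed by a pinned certificate."
    }
    & $full
}

# Usage (the script name is a constructed example):
#   Invoke-PinnedScript -Path .\deploy.ps1
```

The wrapper is a convention for callers, not an enforcement boundary: the execution policy still decides what the shell itself will run, and there is a short gap between the signature check and the invocation.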
There are some additional security features which are already available commercially from companies like Quest and SAPIEN (sorry if there are more which I have not referenced – please add in the comments) like:
- Impersonating scripts/command-line for helpdesk and other limited rights scenarios.
- Approval workflows.
So I think that the summary would be that PowerShell has come a long way toward being a much more secure command-line and scripting environment than what we had before. There is room for improvement but this is only v1, right? I am sure there’s more to come!