Controlling Execution of Executables
All PowerShell versions
PowerShell treats executables (files with extension EXE) like any other command. You can, however, make sure that PowerShell will not execute any or execute only a list of approved applications.
The default setting allows any EXE to be executed:
This setting would make sure only ping.exe and regedit.exe can run:
And this is the result:
Obviously, you can simply revert this setting to get back the default behavior:
So as-is, this setting will just make it harder to execute EXEs (or prevent accidental execution of unwanted EXEs). To use it as a security measure, you would also need to turn off the so-called “Language Mode”.
When turned off, you no longer can access .NET objects directly, thus you would not be able to revert the change anymore in the current PowerShell session. We’ll cover the full language mode setting tomorrow.
ReTweet this Tip!