This explains why we're not allowed to run any PowerShell scripts that are not signed by some IT root certificate on my work laptop. However, given that I can run any arbitrary executable (with user rights), this does seem a bit ridiculous.
This is PowerShell's default behavior, to only run scripts that are signed. The configuration is changeable by an administrator.
I think this is a reasonable precaution, given PowerShell's potential scope as an attack surface, compared to the tiny fraction of Windows machines that are ever actually used to do anything with PowerShell.
I know that. But they won't let users change the default policy to RemoteSigned...that's what I find annoying. (I can't use stuff like posh-git as a result.) The proposed workaround is to copy scripts into ISE and then use the "Run Snippet" feature. How does PowerShell present more of a surface than the standard Windows APIs available to any executable though?
PowerShell scripts have the same access capability as any executable... but it may be easier to get a malicious PowerShell script onto and running on a target machine. Antivirus programs will scan executables and users may know to be suspicious of them, but it's not hard to imagine a user clicking a harmless-looking .ps1 file inside an archive that suddenly starts executing.
