Windows PowerShell, Microsoft's new object-oriented console shell, has three out-of-box behaviors that might initially confuse veterans of other console shells, including Windows-based cmd.exe and command.com and UNIX-based consoles. In its default configuration,
PowerShell
- doesn’t search the working directory for executables
- associates scripts with your default text editor and not PowerShell, so they’re edited instead of invoked
- doesn’t execute scripts within PowerShell at all
These characteristics are all part of a more secure command-shell design. PowerShell developer Lee Holmes has blogged about them in detail (you can check out this blog at http://www.leeholmes.com/blog/demonstrationofmonadssecurityfeatures.aspx), demonstrating how these characteristics produce a strong defense against malicious shell scripts and showing how to handle script signing on the cheap without implementing full-blown certificate services. Holmes’s comments are also now included in the script-signing documentation in PowerShell; you can see them by typing the following at a PowerShell prompt:
PS> man about_signing
Although they deliver tighter command-shell security, these behaviors can be frustrating if you’re used to other consoles. Let’s look at how these three PowerShell security features can affect your real-world shell usage and how to resolve problems they might cause you. . . .
Register
