0
votes

I have created the below batch file and it works flawlessly as long as I run it manually.

However, if I run the .bat file from an HTA application, PowerShell says that it can't run the script because it is not signed/not trusted: "File cannot be loaded because the execution of scripts is disabled on this system".

Is there any fix/workaround for this without having to actually sign the script?

Batch file:

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -noexit -command ". '%cd%\temp_oooscript\wrapper.ps1'"

Thank you.


3 Answers

0
votes

This problem is caused by the Windows execution-policy setting.

To check what policy is running type this command:

Get-ExecutionPolicy

Your policy should be one of these 4:

Restricted - No scripts can be run. Windows PowerShell can be used only in interactive mode.

AllSigned - Only scripts signed by a trusted publisher can be run.

RemoteSigned - Downloaded scripts must be signed by a trusted publisher before they can be run.

Unrestricted - No restrictions; all Windows PowerShell scripts can be run.

Not sure whether you are running remotely or locally.

If locally, then your policy might be "AllSigned".

If remotely, then your policy might be "RemoteSigned" or "AllSigned".

To fix the problem, 2 ways:

  1. Adjust the policy setting. Don't make it too loose like Unrestricted (I assume it is a medium to large production environment). For the same reason, if this is true, I'm not in favour of the bypass way proposed by Graimer.

    If this is a lab or a small and trusted environment, then "Unrestricted" can be an option, or the bypass method proposed by Graimer.

  2. Get the script signed. You need to run some "makecert" stuff to generate the signature and then copy it to the machine. The following link might help:

http://www.hanselman.com/blog/SigningPowerShellScripts.aspx

0
votes

Try setting the execution policy for PowerShell to Bypass when executing it, like this:

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -noexit -executionpolicy bypass -command ". '%cd%\temp_oooscript\wrapper.ps1'"

The reason you're seeing this is most likely because the HTA application is run as 32-bit software, while your OS is 64-bit. Because the HTA app is running as 32-bit, it uses the PowerShell in C:\windows\syswow64\windowspowershell... (even though you specified system32 in your code). The execution policy there has its own setting, separate from what you have in your normal 64-bit PowerShell.

The best way to fix it would be to sign the script using the PKI infrastructure in your environment. As a workaround you can use the code I provided above. The advantage of the workaround above is that the execution policy is only set to Bypass ("disabled") for the PROCESS, and not as a default setting that could compromise security.

0
votes

YES!! Found the bloody solution!! The HTA file needs to be run through the mshta.exe from System32 instead of SysWOW64. Woohoo!!!
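As an added diagnostic (not code from any of the answers above), the script below shows which PowerShell host a launcher actually reaches and which execution-policy scope is in effect, so the 32-bit/64-bit split and the process-only effect of -ExecutionPolicy Bypass described in the answers can be verified rather than guessed. It assumes 64-bit Windows with Windows PowerShell 5.x and the WOW64 Sysnative alias, which the thread does not mention.

```powershell
# Added example, not part of the original thread. Save as diagnose.ps1 and
# launch it from the same batch file / HTA that fails, so it reports the host
# that launcher really gets. Assumes 64-bit Windows with Windows PowerShell.

# Which host are we in? A 32-bit caller that asks for System32\...\powershell.exe
# is silently redirected by WOW64 to SysWOW64, and that host keeps its own
# LocalMachine execution policy.
$is64 = [Environment]::Is64BitProcess
$bitness = if ($is64) { '64-bit' } else { '32-bit (WOW64)' }
"Process: {0}  (OS is 64-bit: {1})" -f $bitness, [Environment]::Is64BitOperatingSystem
"Host path: $PSHOME"

# Effective policy per scope. The first scope that is not Undefined wins
# (MachinePolicy, UserPolicy, Process, CurrentUser, LocalMachine), so a
# Process-scope Bypass set by "-ExecutionPolicy Bypass" overrides LocalMachine
# for this process only and never touches the persisted setting.
Get-ExecutionPolicy -List | Format-Table -AutoSize
"Effective policy: $(Get-ExecutionPolicy)"

# From a 32-bit process, %SystemRoot%\Sysnative escapes file-system redirection
# and reaches the real 64-bit host; the alias does not exist for 64-bit
# processes, hence the Test-Path guard. Compare the two outputs to see whether
# the "missing" policy is on the SysWOW64 host.
$sysnative = Join-Path $env:SystemRoot 'Sysnative\WindowsPowerShell\v1.0\powershell.exe'
if (-not $is64 -and (Test-Path $sysnative)) {
    "Policy as seen by the 64-bit host (via Sysnative):"
    & $sysnative -NoProfile -Command 'Get-ExecutionPolicy -List | Format-Table -AutoSize'
}
```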