Super User Asked on December 25, 2021
In Windows, whenever I click on a .bat
, .cmd
or .vbs
script (Batch and VBScript) file, they get executed by their individual engines (Command Prompt and windows script host).
So, why is the powershell extension .ps1
associated with Notepad by default, instead of Powershell?
Apparently, Microsoft tried to design PowerShell as secure by default. Although Microsoft doesn't seem to have explicitly stated this anywhere, this restriction was probably meant to prevent users from being tricked into executing and spreading malicious scripts.
There is a good description of why this could be dangerous here:
PowerShell is effectively the command shell and scripting language that’s intended to replace CMD and batch scripts on Windows systems. As such, a PowerShell script can pretty much be configured to do anything you could do manually from the command line. That equates to making practically any change possible on your system, up to the restrictions in place on your user account. So, if you could just double-click a PowerShell script and run it with full Administrator privileges, a simple one-liner like this could really wreck your day:
Get-ChildItem "$env:SystemDrive" -Recurse -ErrorAction SilentlyContinue | Remove-Item -Force -Recurse -ErrorAction SilentlyContinue
DO NOT run the above command!...
What could be worse is, instead of getting a script that just trashes their file system, your friend might be tricked into running one that downloads and installs a keylogger or remote access service.
In practice though, powershell code can be executed through a .bat
file by simply passing the code as a commandline argument to powershell. So PowerShell now relies on AMSI (Anti-Malware Scan Interface) to block malicious scripts. For some unexplained reason, the original restriction has been left in place.
Answered by nobody on December 25, 2021
Get help from others!
Recent Questions
Recent Answers
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP