-
Notifications
You must be signed in to change notification settings - Fork 33
Installation
Table of Contents
Uproot ships with a Install.ps1 script in the .\PowerShell\ directory. This script sets up the Uproot PowerShell Module on the server/controller. The Install.ps1 script executes the following steps:
- Add Uproot Module to Server
- Import Uproot in the Profile
- Create Uproot Share
- Edit Share Permissions
Windows PowerShell ships with a "Security" feature called the Execution Policy. By default, PowerShell only allows scripts signed by Microsoft to run, but that can be changed by using the Set-ExecutionPolicy cmdlet. When setting the Execution Policy you have 5 options:
- Restricted. Do not load configuration files or run scripts. This is the default.
- All Signed. Require that all scripts and configuration files be signed by a trusted publisher, including scripts that you write on the local computer.
- Remote Signed. Require that all scripts and configuration files downloaded from the Internet be signed by a trusted publisher.
- Unrestricted. Load all configuration files and run all scripts. If you run an unsigned script that was downloaded from the internet, you are prompted for permission before it runs.
- Bypass. Nothing is blocked and there are no warnings or prompts.
Unless you have a valid code signing certificate (that is trusted by your network endpoints) it is best to use the "Remote Signed" Execution Policy. While Microsoft touts Execution Policy as a security feature, there are plenty of bypass methods that are well documented by attackers. By changing you Execution Policy to Remote Signed you are stopping accidental execution of scripts downloaded from the internet, but the overall security posture (the bad guys ability to execute PowerShell code) remains unchanged.