Vista - Executing scripts in the current directory

11-15-2006

I guess I've casually accepted that in Monad ... then PowerShell ...
that I can't execute a script by typing:

ScriptName

or

ScriptName.ps1

I know that I have to type .\ScriptName.ps1 or .\ScriptName.

No problem practically speaking.

I've heard it said that it's a security feature.

If I can figure out that the command is .\ScriptName.ps1 or
..\ScriptName surely any hacker can do that too?

So what's the basis of the assumed added security?

Am I being extra obtuse today?

Thanks

Andrew Watt MVP

11-15-2006

I've asked this before and the answer I got was basically "What if a bad program
executed without admin rights, and littered the drive with another bad program
that had the same name as a system command (like DIR)? Then when an admin was in
that directory and typed the DIR command the bad program would run with admin
rights."

I agree that it is possible, but it rarely happens and anti-virus should catch
it and I'm getting tired of doing more work and extra steps for these what if
scenarios. What if a bad guy breaks a window and comes into my house? Does
that mean I should replace all my windows with bricks? Well maybe, but that's a
choice I get to make, a balance between security and convenience/enjoyment.
PowerShell gives me no choice between risk and productivity here.

Microsoft has been beat up so hard about security (and most of it was justified)
that now they're taking it too far and actually hurting productivity. Another
example is the command prompt in Windows Vista, you can't drag'n'drop a program
on to the cmd.exe window anymore, many many people complained about this in the
beta feedback forum but Microsoft would not even comment on it. We can only
assume it was for extra security, and the fact that I can't turn it off really
annoys me.

"Andrew Watt [MVP]" <SVGDeveloper@aol.com> wrote in message
news:8qeml2hrb11e2ql0aopk1ofcjp9ev9j14p@4ax.com...
>I guess I've casually accepted that in Monad ... then PowerShell ...
> that I can't execute a script by typing:
>
> ScriptName
>
> or
>
> ScriptName.ps1
>
> I know that I have to type .\ScriptName.ps1 or .\ScriptName.
>
> No problem practically speaking.
>
> I've heard it said that it's a security feature.
>
> If I can figure out that the command is .\ScriptName.ps1 or
> .\ScriptName surely any hacker can do that too?
>
> So what's the basis of the assumed added security?
>
> Am I being extra obtuse today?
>
> Thanks
>
> Andrew Watt MVP

11-15-2006

"Marty List" wrote:

> We can only assume it was for extra security, and the fact that I can't turn it off
> really annoys me.

You can turn on executing of scripts in the current directory. All you need
to do is include the current directory "." in your environment search path.
PowerShell just tries to be secure by default here. If you like to have your
key under your doormat, then do it - it's your choice!
Frankly, I don't see the need for this because tab-expansion should add ".\"
and ".ps1" for you.

--
greetings
dreeschkind

> "Andrew Watt [MVP]" <SVGDeveloper@aol.com> wrote in message
> news:8qeml2hrb11e2ql0aopk1ofcjp9ev9j14p@4ax.com...
> >I guess I've casually accepted that in Monad ... then PowerShell ...
> > that I can't execute a script by typing:
> >
> > ScriptName
> >
> > or
> >
> > ScriptName.ps1
> >
> > I know that I have to type .\ScriptName.ps1 or .\ScriptName.
> >
> > No problem practically speaking.
> >
> > I've heard it said that it's a security feature.
> >
> > If I can figure out that the command is .\ScriptName.ps1 or
> > .\ScriptName surely any hacker can do that too?
> >
> > So what's the basis of the assumed added security?
> >
> > Am I being extra obtuse today?
> >
> > Thanks
> >
> > Andrew Watt MVP
>
>
>

11-15-2006

"dreeschkind" <dreeschkind@discussions.microsoft.com> wrote in message
news:3A34147D-FD8F-40AD-BCA7-9AF95C01A38B@microsoft.com...
>
> You can turn on executing of scripts in the current directory. All you need
> to do is include the current directory "." in your environment search path.
> PowerShell just tries to be secure by default here. If you like to have your
> key under your doormat, then do it - it's your choice!
> Frankly, I don't see the need for this because tab-expansion should add ".\"
> and ".ps1" for you.
>

Thanks for the tip, I forgot about that. My problem is that I use so many
different systems at different locations and customizing everything all the time
gets tedious. I just need to add this to the scripts in my tools folder that I
always have with me.

11-15-2006

On Wed, 15 Nov 2006 11:18:38 -0700, "Marty List" <usenet@optimumx.com>
wrote:

>Thanks for the tip, I forgot about that. My problem is that I use so many
>different systems at different locations and customizing everything all the time
>gets tedious. I just need to add this to the scripts in my tools folder that I
>always have with me.

$env

ath += ";."

will probably do it (assumes the last path in the PATH environment
variable doesn't end in a semicolon).

Andrew Watt MVP

11-15-2006	#1 (permalink)
Andrew Watt [MVP] n/a posts	Executing scripts in the current directory I guess I've casually accepted that in Monad ... then PowerShell ... that I can't execute a script by typing: ScriptName or ScriptName.ps1 I know that I have to type .\ScriptName.ps1 or .\ScriptName. No problem practically speaking. I've heard it said that it's a security feature. If I can figure out that the command is .\ScriptName.ps1 or ..\ScriptName surely any hacker can do that too? So what's the basis of the assumed added security? Am I being extra obtuse today? Thanks Andrew Watt MVP
My System Specs

11-15-2006	#2 (permalink)
Marty List n/a posts	Re: Executing scripts in the current directory I've asked this before and the answer I got was basically "What if a bad program executed without admin rights, and littered the drive with another bad program that had the same name as a system command (like DIR)? Then when an admin was in that directory and typed the DIR command the bad program would run with admin rights." I agree that it is possible, but it rarely happens and anti-virus should catch it and I'm getting tired of doing more work and extra steps for these what if scenarios. What if a bad guy breaks a window and comes into my house? Does that mean I should replace all my windows with bricks? Well maybe, but that's a choice I get to make, a balance between security and convenience/enjoyment. PowerShell gives me no choice between risk and productivity here. Microsoft has been beat up so hard about security (and most of it was justified) that now they're taking it too far and actually hurting productivity. Another example is the command prompt in Windows Vista, you can't drag'n'drop a program on to the cmd.exe window anymore, many many people complained about this in the beta feedback forum but Microsoft would not even comment on it. We can only assume it was for extra security, and the fact that I can't turn it off really annoys me. "Andrew Watt [MVP]" <SVGDeveloper@aol.com> wrote in message news:8qeml2hrb11e2ql0aopk1ofcjp9ev9j14p@4ax.com... >I guess I've casually accepted that in Monad ... then PowerShell ... > that I can't execute a script by typing: > > ScriptName > > or > > ScriptName.ps1 > > I know that I have to type .\ScriptName.ps1 or .\ScriptName. > > No problem practically speaking. > > I've heard it said that it's a security feature. > > If I can figure out that the command is .\ScriptName.ps1 or > .\ScriptName surely any hacker can do that too? > > So what's the basis of the assumed added security? > > Am I being extra obtuse today? > > Thanks > > Andrew Watt MVP
My System Specs

11-15-2006	#3 (permalink)
dreeschkind n/a posts	Re: Executing scripts in the current directory "Marty List" wrote: > We can only assume it was for extra security, and the fact that I can't turn it off > really annoys me. You can turn on executing of scripts in the current directory. All you need to do is include the current directory "." in your environment search path. PowerShell just tries to be secure by default here. If you like to have your key under your doormat, then do it - it's your choice! Frankly, I don't see the need for this because tab-expansion should add ".\" and ".ps1" for you. -- greetings dreeschkind > "Andrew Watt [MVP]" <SVGDeveloper@aol.com> wrote in message > news:8qeml2hrb11e2ql0aopk1ofcjp9ev9j14p@4ax.com... > >I guess I've casually accepted that in Monad ... then PowerShell ... > > that I can't execute a script by typing: > > > > ScriptName > > > > or > > > > ScriptName.ps1 > > > > I know that I have to type .\ScriptName.ps1 or .\ScriptName. > > > > No problem practically speaking. > > > > I've heard it said that it's a security feature. > > > > If I can figure out that the command is .\ScriptName.ps1 or > > .\ScriptName surely any hacker can do that too? > > > > So what's the basis of the assumed added security? > > > > Am I being extra obtuse today? > > > > Thanks > > > > Andrew Watt MVP > > >
My System Specs

11-15-2006	#4 (permalink)
Marty List n/a posts	Re: Executing scripts in the current directory "dreeschkind" <dreeschkind@discussions.microsoft.com> wrote in message news:3A34147D-FD8F-40AD-BCA7-9AF95C01A38B@microsoft.com... > > You can turn on executing of scripts in the current directory. All you need > to do is include the current directory "." in your environment search path. > PowerShell just tries to be secure by default here. If you like to have your > key under your doormat, then do it - it's your choice! > Frankly, I don't see the need for this because tab-expansion should add ".\" > and ".ps1" for you. > Thanks for the tip, I forgot about that. My problem is that I use so many different systems at different locations and customizing everything all the time gets tedious. I just need to add this to the scripts in my tools folder that I always have with me.
My System Specs

11-15-2006	#5 (permalink)
Andrew Watt [MVP] n/a posts	Re: Executing scripts in the current directory On Wed, 15 Nov 2006 11:18:38 -0700, "Marty List" <usenet@optimumx.com> wrote: >Thanks for the tip, I forgot about that. My problem is that I use so many >different systems at different locations and customizing everything all the time >gets tedious. I just need to add this to the scripts in my tools folder that I >always have with me. $envath += ";." will probably do it (assumes the last path in the PATH environment variable doesn't end in a semicolon). Andrew Watt MVP
My System Specs

Similar Threads
Thread	Forum
executing scripts within a web browser control under the system ac	.NET General
Executing PowerShell Scripts with IIS	PowerShell
executing powershell scripts on server	PowerShell
Executing batch files in PS scripts	PowerShell
how do I keep powershells current directory and dotnets current directory in sync	PowerShell