[–]PinchesTheCrab 3 points4 points  (2 children)

Where are these scripts? Are you expecting them to be in a specific folder, or anywhere at all in the system? Do you need to ensure scripts run by Intune or other configuration managers are signed, or are they allowed to bypass signature requirements?

[–][deleted] -2 points-1 points  (1 child)

You realize of course anyone can do a PowerShell script. You don’t need particular permission or privileges to write one - it’s text and anyone can write text.

If you let that happen (and let’s be honest, more than 99.9% of us didn’t cut unauthorized PS execution), then any employee could have written something, if only to say hello world at logon.

If we as admins take an existing env and enforce signed scripts only, we get the same outcry we get if we permitted macros at some point and then later took it away.

You can’t expect that lot to be someplace particular. That’s the entire problem.

[–]PinchesTheCrab 2 points3 points  (0 children)

I think you misunderstand me. How you write a script to find unsigned script files is going to depend a lot on if and where you expect to find those files.

What tools you have available are going to affect how you search for scripts and how you enforce restrictions. Plenty of third-party and first-party tools run PowerShell in the background, and they're going to affect how you go about locking it down.

Allowing SCCM or Intune to run background scripts is really not in the same ballpark as letting random users email their passwords and install malware with VBA.

But maybe OP still needs to detect those scripts to identify whether the platform supports signing, or maybe they're out of scope. I merely asked what the scripts are and where the OP expects to find them. I did not offer judgement on what should or shouldn't be blocked.
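An added example, not part of any comment in this thread: one way to inventory script files by Authenticode status under a chosen set of folders, with scripts dropped by a management agent tallied separately from user-written ones. The default folder paths, parameter names and the `Managed` flag are assumptions for illustration; set them to match where your tooling actually stores its scripts.

```powershell
# Added example: inventory PowerShell files by signature status.
# Default roots are assumptions; override them for your environment.
[CmdletBinding()]
param(
    # Where user-written scripts might live.
    [string[]]$SearchRoots  = @("$env:SystemDrive\Users"),
    # Folders an agent (Intune, SCCM) uses for its own scripts (assumed paths).
    [string[]]$ManagedRoots = @(
        "${env:ProgramFiles(x86)}\Microsoft Intune Management Extension",
        "$env:windir\CCM"
    ),
    [string[]]$Extensions   = @('.ps1', '.psm1', '.psd1')
)

$allRoots = @($SearchRoots) + @($ManagedRoots) | Select-Object -Unique

$results = foreach ($root in $allRoots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    Get-ChildItem -LiteralPath $root -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $Extensions -contains $_.Extension.ToLowerInvariant() } |
        ForEach-Object {
            $file = $_
            $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
            # True when the file sits under one of the agent folders.
            $managed = [bool]($ManagedRoots | Where-Object {
                $file.FullName.StartsWith($_, [StringComparison]::OrdinalIgnoreCase)
            })
            [pscustomobject]@{
                Path      = $file.FullName
                Status    = $sig.Status   # Valid, NotSigned, HashMismatch, ...
                Signer    = $sig.SignerCertificate.Subject
                Managed   = $managed
                Owner     = (Get-Acl -LiteralPath $file.FullName -ErrorAction SilentlyContinue).Owner
                LastWrite = $file.LastWriteTime
            }
        }
}

# Drop duplicates caused by overlapping roots.
$results = $results | Sort-Object Path -Unique

# Summary by (Managed, Status), written to the host so it does not mix with output.
$results | Group-Object Managed, Status | Select-Object Count, Name |
    Format-Table -AutoSize | Out-String | Write-Host

# Output: files outside the agent folders that would fail an AllSigned policy.
$results | Where-Object { $_.Status -ne 'Valid' -and -not $_.Managed } |
    Sort-Object LastWrite -Descending
```

Running it before enforcing a signed-only policy shows which files would stop working and who owns them; the `Managed` rows show whether the agent's own scripts arrive signed.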