How to make PowerShell prompt for un-signed scripts

Question

The execution policy in my environment is AllSigned:

PS E:\Temp> Get-ExecutionPolicy
AllSigned

When I try to execute a not trusted script it throws the error:

& : File C:\temp\anz.ps1 cannot be loaded. The file C:\temp\any.ps1 is not
digitally signed.
You cannot run this script on the current system. For more information about
running scripts and setting execution policy, see about_Execution_Policies at
http://go.microsoft.com/fwlink/?LinkID=135170.
At line:1 char:3
+ & .\any.ps1
+   ~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : SecurityError: (:) [], PSSecurityException
    + FullyQualifiedErrorId : UnauthorizedAccess

How can I make PowerShell prompt me for whether I want to execute the script or not?

Something like:

Security Warning
Run only scripts that you trust. While scripts from the Internet can be useful this script can potentially harm your computer. Do you want to run .\temp.ps1?
[D] Do not run [R] Run Once [S] Suspent:

Note: I do not want to bypass or supress the prompt.

Answer 1

You can try running the following command in power shell as an administrator

The fix is to run Set-ExecutionPolicy and change the Execution Policy setting.

Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass

 “Bypass” means nothing is blocked and no warnings, prompts, or messages will be displayed.

Answer 2

You could add a function to check the file first:

function Test-FileSafety {
    # This function simply returns $true when the file is ok or the user decided to
    # go ahead and run it even though he/she was warned.
    # If the user decided it was too tricky and bailed out, the function returns $false
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory = $true, Position = 0, ValueFromPipeline = $true)]
        [ValidateScript({Test-Path $_ -PathType Leaf})] 
        [Alias ('Path')]
        [string]$FileName
    )

    Add-Type -AssemblyName System.Windows.Forms
    $letsGo = $true

    # first test if the file was downloaded from internet (and was not already unblocked)
    if (Get-Item $FileName -Stream zone*) {
        $message  = "Run only scripts that you trust.`r`n"
        $message += "While scripts from the Internet can be useful this script can potentially harm your computer.`r`n`r`n"
        $message += "Do you want to allow '$FileName' ?"

        $result = [System.Windows.Forms.MessageBox]::Show($message, "Security Warning", 3)
        # evaluate the users response and act upon it
        switch ($result) {
            Yes    { <# user wants to run #> Unblock-File -Path $FileName ; break }
            No     { <# user decided not to run the script #> ; $letsGo = $false; break }
            Cancel { <# user bailed out #> ; $letsGo = $false; break }
        }
    }

    # next test if the file is digitally signed or not
    if ($letsGo -and (Get-AuthenticodeSignature -FilePath $FileName).Status -eq 'NotSigned') {
        $message  = "Run only scripts that you trust.`r`n"
        $message += "The script is not digitally signed.`r`n`r`n"
        $message += "Do you still want to run '$FileName' ?"

        $result = [System.Windows.Forms.MessageBox]::Show($message, "Security Warning", 3)
        # evaluate the users response and act upon it
        switch ($result) {
            Yes    { <# user wants to run even though the script is not digitally signed #> ; break}
            No     { <# user decided it was too dangerous and does not want to run the script #> ; $letsGo = $false; break}
            Cancel { <# user bailed out #> ; $letsGo = $false; break}
        }
    }

    return $letsGo
}

and use it like:

if ((Test-FileSafety -FileName "C:\temp\anz.ps1")) {
    # run the script
}
else {
    # do nothing, the user cancelled
}