All PowerShell versions
PowerShell treats executables (files with the extension EXE) like any other command. You can, however, make sure that PowerShell will not execute any applications at all, or will execute only a list of approved applications.
The default setting allows any EXE to be executed:
PS> $ExecutionContext.SessionState.Applications
*
This setting would make sure only ping.exe and regedit.exe can run:
$ExecutionContext.SessionState.Applications.Clear()
$ExecutionContext.SessionState.Applications.Add('ping.exe')
$ExecutionContext.SessionState.Applications.Add('regedit.exe')
And this is the result:
PS> $ExecutionContext.SessionState.Applications
ping.exe
regedit.exe
Obviously, you can simply revert this setting to get back the default behavior:
PS> $ExecutionContext.SessionState.Applications.Add('*')
PS> explorer
PS>
So as-is, this setting only makes it harder to execute EXEs (or prevents accidental execution of unwanted EXEs). To use it as a security measure, you would also need to turn off the so-called “Language Mode”.
When it is turned off, you can no longer access .NET objects directly, so you would not be able to revert the change in the current PowerShell session. We’ll cover the full language mode setting tomorrow.
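The following is an added example, not code from the original tip: it applies an approved-application list while keeping a copy of the previous list for rollback, and reports whether the session still accepts any EXE or can still be reverted from the prompt. The function names are hypothetical, and the functions are assumed to be dot-sourced into the session being restricted (not loaded from a module).

```powershell
# Added example; Get-/Set-/Restore-ApplicationAllowList are hypothetical helper names.
function Get-ApplicationAllowList {
    $state   = $ExecutionContext.SessionState
    $entries = @($state.Applications)
    New-Object PSObject -Property @{
        Entries             = $entries
        AllowsAny           = ($entries -contains '*')   # '*' is the default: every EXE may run
        LanguageMode        = $state.LanguageMode
        # In FullLanguage the list can be edited from the prompt, as the tip shows.
        TriviallyRevertible = ($state.LanguageMode -eq 'FullLanguage')
    }
}

function Set-ApplicationAllowList {
    param(
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [string[]] $Name
    )
    if ($Name -contains '*') {
        throw "'*' allows every executable; list the approved applications by name."
    }
    $apps     = $ExecutionContext.SessionState.Applications
    $previous = @($apps)                 # copy before Clear() so the caller can roll back
    $apps.Clear()
    foreach ($entry in ($Name | Sort-Object -Unique)) { $apps.Add($entry) }
    $previous                            # emit the old list to the caller
}

function Restore-ApplicationAllowList {
    param([string[]] $Previous)
    $apps = $ExecutionContext.SessionState.Applications
    $apps.Clear()
    foreach ($entry in @($Previous)) {
        if ($entry) { $apps.Add($entry) }   # skip $null/empty entries
    }
}

# Usage:
#   $old = Set-ApplicationAllowList -Name 'ping.exe', 'regedit.exe'
#   Get-ApplicationAllowList      # AllowsAny should be False; check TriviallyRevertible
#   Restore-ApplicationAllowList -Previous $old
```

If `TriviallyRevertible` is reported as True, the list is a convenience guard only, for the reason given above.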