Hello, everybody. My name is John Hammond and welcome back to the YouTube video on PowerShell. This is video number three, so we're gonna be diving into some profiles for PowerShell, execution policies and that kind of cool stuff. So let's get started. I'm gonna fire up PowerShell. I'll just type it into my kind of Windows search bar, Start menu thing here, and here we go. We're at our prompt.

So what I wanted to talk about in this video is how PowerShell is set up, or really how it gets to its default state: what it loads, what it does to really get into this command prompt here that we're sitting at just now. So the way I'm gonna do that is by showing you the PowerShell profiles. So PowerShell profiles are kind of the cmdlets, things, functions, scripts that are run right when PowerShell starts up, when it presents itself to you as this beautiful blue box that we're working with. Where the profiles are stored on your system can vary, but they're normally at some default locations. They are scripts, a PowerShell .ps1 file, and that's a collection of cmdlets or functions or things that can run and execute code all within the context of PowerShell. Right, they're PowerShell scripts.

So where these are stored is actually something that's available to you and accessible by noting the profile variable. I haven't talked about variables just yet in the series and will certainly get into them more very, very soon, but really variables will just store some value or some information that you can recall and work with and use later. You can change them as needed, et cetera. So the variables are denoted in PowerShell with a dollar sign prefix. So if I wanted to check out the profile variable, I'm just going to type in dollar sign profile, and again, PowerShell is case insensitive. It doesn't care.
It doesn't care whether I use a capital P or not. But that will let us see what the profile is currently set to. We could echo this out, or again, the alias echo kind of refers to Write-Host, but because we're in kind of an interactive prompt here, PowerShell is pretty interpreter-like in that we can just enter this and see its value right away. So my profile is stored in Users, John H, Documents, WindowsPowerShell, Microsoft.PowerShell_profile.ps1. That .ps1 extension is important because that tells us, hey, this is a PowerShell script.

So we could go ahead and look at that. We could fire it up in Notepad, we could cat it out. Let's do notepad dollar sign profile, and it errors at me and tells me the system cannot find the path specified. So, okay, maybe it doesn't exist yet. Why can't we open? Let's table that problem because we're gonna get back to it.

But first I want to show you that this profile is only relative to me, my user John H. What about all the other users that might be on this computer? Or what about, are there profiles that are system-wide across the entire machine? And that is exactly the case, and I want to show you what else you can use to see where these profiles are being stored. This is another trick. If you check out the profile variable, we can use Select-Object as a command here with our pipeline, that vertical symbol again, the bar here. We can Select-Object asterisk to get all of them, and it tells us there are actually other locations for different kind of scopes of our profile. Our current user, current host for this machine is at that location we just saw, profile from John H, Documents. There is one current user, all hosts, and all hosts I'm assuming is if, okay, we have kind of a domain and network thing that's set up and if my account is going around to different locations. That's really the scope that we're looking at.
We have all users, current host, so that's system-wide for this machine. That's in Windows System32, a PowerShell folder and a profile there. And all users, all hosts. So we could examine or set each of those as needed. If you wanted to make things system-wide, you could modify that all users, current host. But for our cases, we'll just stick with the quick and easy profile default here, current user, current host. So we zoom in on my user John H. So that's that.

Now let's go ahead and actually kind of create that profile, see what it does, how we can work with it, etc. But when we tried to work with it, when we tried it in Notepad, that wouldn't show it to us. We could use Get-Content, and that errors out, cannot find that path because it doesn't exist. So normally, like Notepad, if you were to try and do something like create a new file along the way, Notepad would straight up tell you, hey, this doesn't exist yet, but do you want to create it? And you could do that with Notepad, or Get-Content... Get-Content won't do that. It'll tell you it doesn't exist. But Notepad, as we fired that up, just to kind of cue us in: the problem is that this whole path doesn't exist. This Documents\WindowsPowerShell folder isn't real.

So I realized in the last video I neglected to show you how to make directories within PowerShell. So interesting thing, right, we could check out the alias to that mkdir command that we might be used to in Linux, but it says, hey, that's not real. That's not a thing, can't find a matching alias because an alias with the name mkdir does not exist. So I try to Google, I try to research, like, man, how the heck do we create a directory or just a simple folder within PowerShell?
It is of course that New-Item that we're used to, but we actually need to specify an item type, and we can specify, oh, that's a directory for us, and we'll just create it right here as a simple test. That will create a new directory for us. You can see the mode there, the d for directory, and that has been created. We could change directory into that as needed and we could work with it. It's an empty directory right now. That's fine. You don't really need to see that directory. What I wanted you to see was that PowerShell purist syntax for creating a directory.

As it turns out, there is an alias for that: md. md will seemingly allow us to use mkdir, or make dir, so along that notion you can just type mkdir and that will create a directory for you, but apparently it's not noted as an alias. So maybe I'm wrong. Maybe I'm not smart. I want to hear your feedback. What am I missing, and how are we able to run that? Is it a built-in? I don't know. Let's go ahead and remove those directories because I don't need those whatsoever. And it won't let me do multiple. That's lame. I'm learning. We're all learning.

Okay. Now we know that we can create a directory for our profile. So let's just grab all the way up to that file here. I'm going to just select this and right-click to copy, and then we can make directory that, or that New-Item style that you might like, and that will create that directory needed for us. Documents already existed; WindowsPowerShell was the one that didn't exist yet. But now we can go ahead and create our profile. So let's do that in Notepad. I will go ahead and paste that in so we can edit that file, and now Notepad says to us, hey, this file doesn't exist yet, do you want to create it? Let's do it. Now we've got this .ps1 file, a script, and let's just type in a simple command like Get-Date, or we could Write-Host, hey, you logged in. Whatever you want. It's up to you what your profile does.
It's kind of like the bashrc file or the bash_profile that will load up when you run bash in your Linux shell, or your Z shell or K shell, you see an rc file, and these are the commands, things that happen when you have gone ahead and actually started that command prompt. This is helpful normally in the case of if we are getting new modules or some plugins or extensions to PowerShell, like, oh, we wanted to go ahead and import module git or some more color for our output. Maybe we could grab those modules and then right away we don't have to load them by hand whenever we start PowerShell. They'll be included in our profile and PowerShell will do that automatically for us.

So now that I've created this little profile for us and we've created the content, all it does is run the Get-Date cmdlet once we start up PowerShell. We should see that in action. We can see that actually go ahead and get started for us. So let's do it. I'm gonna create a new PowerShell window. It'll load up for us, but it spit up. We got blood on our screen again. It says this profile cannot be loaded because running scripts is disabled on this system, for more information see about_Execution_Policies, and you can check it out online. But what gives, right? Our power... our profile isn't loading.

This is because of something that PowerShell brought into play called execution policies, and this is a wonderful segue. This is kind of the transition that I wanted here, right? We're trying to execute our profile.
It's a PowerShell script. We're gonna get into more PowerShell scripting soon, but we need to be able to actually run them. We need to be able to see that code actually execute. So it says check out about execution policies. Maybe we can get help on that if I paste it in right here, searching help for about execution policies, and this errors too.

Well, I guess I never formally introduced this to us, and that's my bad. If you wanted to get more help on your machine and more documentation, you can run Update-Help. Let's go ahead and Update-Help, see if that will work for us in this PowerShell learning curve. Grabbing all this stuff. There's a lot here. Might have to pause the video for this. Okay, that failed too. Well, looks like, scrolling through these error messages, we can't pull these in because we aren't running as the administrator. Do you remember how we can fire up PowerShell as the administrator? We could just simply right-click it, or Shift-Control-Enter. Now let's go ahead and Update-Help. You can see it tried to run our profile, but we still can't do that because we don't have the execution policy set. But what are our execution policies? We want to be able to learn about that.
So let's go ahead and download this help. Okay, that actually took a couple minutes and we still have a couple errors, but let's see if we can even check out that about execution policy that we wanted to see. It was a Get-Help on about execution policies, and these were underscores that were separating them. Okay, so now we have some more information. Scroll up to check out what we have here.

Okay, so execution policies: describes the Windows PowerShell execution policies, whatever, and explains how to manage them. That's what this about help file does for us. So execution policies let you determine the conditions under which Windows PowerShell loads configuration files and runs scripts. You can set an execution policy for the local computer, the current user, or a particular session. Okay, so we can zoom in on the scope really just like how we did with the profiles.

It says the PowerShell execution policies are as follows. Restricted is the default policy. It will permit individual commands, but it will not run scripts. Prevents running of all scripts, including formatting, modules, etc. AllSigned means scripts then run, excuse me, scripts can run, but all the scripts must be signed by a trusted publisher, including scripts that you write on the local computer. So even if we were to develop some code, we would have to sign it with our digital key and known that we are a trusted individual. It will prompt you before running scripts from publishers that you have not yet classified as trusted or untrusted, and it risks running signed but malicious scripts. So even if it's signed, there's no way of knowing it's actually good or bad. RemoteSigned, it says scripts can run.
This is default execution policy in Windows Server 2012. Requires a digital signature from trusted publishers, including ones that are downloaded from the internet, email and some messaging. Does not require digital signatures on scripts that you have written on your local computer. Run scripts that are downloaded from the internet and are not signed if the scripts are unblocked, such as by using the Unblock-File command. Okay, that's good to know. There's a risk in running these scripts if you get them from the internet because they could be evil.

Unrestricted means unsigned scripts can run. That of course has the most risk. Warns the user before running scripts. That's a nice typo. Nice. That's hilarious. Configuration files that are downloaded from the internet. Can someone tell Microsoft there's a typo in their about help? Bypass means nothing is blocked and there's no warnings whatsoever. Okay, I mean, we might be able to use that for evil, some malicious stuff in the future if we're trying to do some red teaming, offensive security, right? Undefined, it means that there's nothing actually set.

Okay, you can set an execution policy in a particular scope. Okay, that's for specific processes, or users, or the entire machine. For more information... you can set the execution policy, that's the cmdlet there, or you can get the execution policy with Get-ExecutionPolicy. To get all the execution policies that are affected, you can use Get-ExecutionPolicy hyphen List. Okay, let's go ahead and play with that then. Let's see what we're actually working with. Let's Get-ExecutionPolicy hyphen List, and seemingly everything is Undefined.
Okay, what about just regular Get-ExecutionPolicy? That tells me Restricted. So that means that no scripts can run. But we can Set-ExecutionPolicy, and we can use that as RemoteSigned. I think that's the best option because that still has security in that we can download scripts on the internet, we won't be able to run them unless we specifically unblock them, and any scripts that we develop right on our own computer we can use just fine. So let's do that. It says, do you want to do this for real? Are you sure? Yes. Capital Y there, hit that, and now we're good. Let's get our execution policy one more time, just as a simple sanity check, make sure that change did in fact take place, and it is now RemoteSigned.

Okay, I can only do that... we can only run that command to set execution policy if we're running as the administrator. You can see up on the top left, that's how I am running the shell when I hit Control-Shift-Enter and fired up the PowerShell prompt that way. If we were to run as a regular user, it would yell at us. So if you got some blood, got some red on your screen, make sure that you are in fact running that as the administrator user.

So now we can potentially run scripts. So now if I close that PowerShell, run a new window here, it's gonna execute our script. It's going to actually execute our profile, that .ps1 file that we created, and it's going to see that Get-Date cmdlet output is right there. So great. That is our profile. Let's go ahead and remove that. I wanted to show that to you, but I wanted to use that as a segue so we can actually set our execution policy. And now we've done everything that I want to accomplish in this video.
So thank you guys so much for watching. I hope you guys enjoyed this. If you did, please do like, comment and subscribe, all those YouTube algorithm things. There is a link in the description to join the Discord server. It is an awesome community with tons of smart people, much smarter than me, and we're all trying to get better. We're all trying to learn the cyber security, computer science stuff. So I hope you enjoyed. Love to see you guys on Patreon. Love to see you on PayPal. Love to see you in the next video. Thanks.
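
Added example, not part of the video or the speaker's own code: a read-only PowerShell check of the two things covered above, which profile scripts exist (profiles run automatically at every start, so they are worth reviewing) and which scope decides the effective execution policy. The function names `Get-ProfileAudit` and `Get-EffectivePolicySource` are hypothetical; the sketch assumes Windows PowerShell on Windows.

```powershell
# Added example (not from the video). Read-only: nothing is created or changed.
# Get-ProfileAudit and Get-EffectivePolicySource are hypothetical helper names.

function Get-ProfileAudit {
    # The four locations that "$profile | Select-Object *" lists.
    $scopes = 'AllUsersAllHosts', 'AllUsersCurrentHost',
              'CurrentUserAllHosts', 'CurrentUserCurrentHost'
    foreach ($scope in $scopes) {
        $path         = $PROFILE.$scope
        $exists       = Test-Path -LiteralPath $path -PathType Leaf
        $signature    = $null
        $fromInternet = $false
        if ($exists) {
            # AllSigned and RemoteSigned look at the Authenticode signature.
            $signature = (Get-AuthenticodeSignature -LiteralPath $path).Status
            # A Zone.Identifier stream marks a downloaded file; Unblock-File removes it.
            $fromInternet = [bool](Get-Item -LiteralPath $path -Stream 'Zone.Identifier' `
                                   -ErrorAction SilentlyContinue)
        }
        [pscustomobject]@{
            Scope        = $scope
            Path         = $path
            Exists       = $exists
            Signature    = $signature
            FromInternet = $fromInternet
        }
    }
}

function Get-EffectivePolicySource {
    # -List returns scopes in precedence order:
    # MachinePolicy, UserPolicy, Process, CurrentUser, LocalMachine.
    $winner = Get-ExecutionPolicy -List |
        Where-Object { $_.ExecutionPolicy -ne 'Undefined' } |
        Select-Object -First 1
    [pscustomobject]@{
        Effective = Get-ExecutionPolicy
        SetBy     = if ($winner) { $winner.Scope } else { 'none (all scopes Undefined)' }
    }
}

Get-ProfileAudit | Format-Table -AutoSize
Get-EffectivePolicySource

# To change the policy for one account only, without an elevated prompt:
#   Set-ExecutionPolicy RemoteSigned -Scope CurrentUser
```

When every scope reports Undefined, `SetBy` says so and `Effective` shows the built-in default, which is the Restricted result seen in the video.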