I've found several questions about how to suppress warnings like this:
Security Warning
Run only scripts that you trust. While scripts from the Internet can be useful, this script can potentially harm your computer. Do you want to run .\myscript.ps1?
[D] Do not run [R] Run once [S] Suspend [?] Help (default is "D"):
But I have the reverse problem. It has mysteriously disappeared, and I want it back. I don't have full control over the machine, so it's possible something got changed without my knowing. My Execution Policy is currently set to Restricted, but I see no warning when running powershell -ExecutionPolicy Unrestricted -File .\myscript.ps1, even though I had seen it regularly before.
Why do I want it back?
The machine in question is a test machine provided by a client. Further up the chain (in the staging and production environments), I expect this warning to show up, so I want my test machine to be configured so that I get it there as well. Well, normally, at least. My work will generally just require answering yes or suppressing it, but for testing purposes, I want the test machine as much like the stage and production machines as possible.
I'd at least like to know what changed so I can find out if it would affect staging and production, so any suggestions about what that might be would help.
@Jscott has it right that this is the Zone.Identifier alternate NTFS data stream, coupled with Powershell's execution policy, that causes this message. These are the only two things that come together to cause this message to happen.
A machine has several different Powershell execution policies. By default, if you just type Get-ExecutionPolicy, only the current user's execution policy is shown.
By doing Set-ExecutionPolicy Unrestricted -Scope LocalMachine, you change the execution policy for all users of that machine. I don't see you make that distinction in your post, so I figure you might not realize that.
If you don't have admin rights to the machine, you will not be able to change the LocalMachine execution policy.
The other half of the story is the Zone.Identifier alternate stream. If the files do not have this alternate data stream, you will not see this message.
You mention that you download these scripts via WinSCP. For a file downloaded from a network location to contain this alternate data stream, it must have been downloaded by a Zone.Identifier ADS-compatible application, such as a modern web browser, or Windows Explorer. WinSCP is not one of those applications.
That's why NTFS alternate data streams are not what I would consider to be very widely used - because it is very easy to lose the alternate data stream if the file is not transferred in just the right way. Though they can be quite useful for storing metadata.
So let's fix your problem now. Why not just rebuild the alternate data stream on the script so that Powershell once again thinks that you downloaded this thing from the internet? The fact that you are missing that ADS is why you are not seeing a security warning or an unblock button.
To view the ADS (and confirm that nothing is there, that it's blank)
To overwrite it:
And add the second line:
So the entire ADS should look like this when you type:
Windows and Powershell now once again will think that you downloaded this file from the internet.
Edit: Oh and I want to warn you about one last thing. These "ZoneId"s... they correspond to the Security Zones (Intranet, Trusted Sites, Internet, etc.) that are configurable in Internet Explorer. So if an administrator made some heavy modifications to those IE security zones, that can also have an effect on what Windows sees as a "potentially harmful" file.
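The steps described in the answer above (inspect the Zone.Identifier stream, write it, confirm the result), as an added example that is not part of the original answer. The function names Get-ScriptZone and Set-ScriptZone and the path in $ScriptPath are hypothetical; the cmdlets and the -Stream parameter are standard in PowerShell 3.0 and later.

```powershell
# Added example, not from the original post. $ScriptPath is a placeholder.
$ScriptPath = '.\myscript.ps1'

# ZoneId values map to the Internet Explorer security zones.
$ZoneNames = @{
    0 = 'Local Machine'; 1 = 'Local Intranet'; 2 = 'Trusted Sites'
    3 = 'Internet';      4 = 'Restricted Sites'
}

function Get-ScriptZone {
    # Hypothetical helper: report which zone, if any, a file is marked with.
    param([Parameter(Mandatory)][string]$Path)
    # A file with no stream is the normal "not marked" case, so suppress the error.
    $ads = Get-Content -Path $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    if (-not $ads) { return 'No Zone.Identifier stream' }
    $line = $ads | Where-Object { $_ -match '^ZoneId=\d+$' } | Select-Object -First 1
    if (-not $line) { return 'Zone.Identifier present, but no ZoneId line' }
    $id = [int]($line -replace '^ZoneId=', '')
    $name = if ($ZoneNames.ContainsKey($id)) { $ZoneNames[$id] } else { 'Unknown' }
    return "ZoneId=$id ($name)"
}

function Set-ScriptZone {
    # Hypothetical helper: (re)write the stream so the file looks downloaded.
    param(
        [Parameter(Mandatory)][string]$Path,
        [ValidateRange(0, 4)][int]$ZoneId = 3
    )
    # Two lines: the section header, then the zone number.
    Set-Content -Path $Path -Stream Zone.Identifier -Value '[ZoneTransfer]', "ZoneId=$ZoneId"
}

# 1. Execution policy as set at each scope (MachinePolicy, UserPolicy, Process, ...).
Get-ExecutionPolicy -List

# 2. All streams on the file; only :$DATA means there is no zone marking.
Get-Item -Path $ScriptPath -Stream *

# 3. Current zone marking, before the change.
Get-ScriptZone -Path $ScriptPath

# 4. Mark the file as coming from the Internet zone, then confirm.
Set-ScriptZone -Path $ScriptPath -ZoneId 3
Get-Content -Path $ScriptPath -Stream Zone.Identifier
Get-ScriptZone -Path $ScriptPath
```

Running this on the test machine and on a staging machine side by side shows which of the two factors (policy scope or missing stream) differs between them.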