来自Internet的未签名脚本可以在RemoteSigned执行策略下运行

Question

我从互联网上下载了一个脚本。在当前的“RemoteSigned”执行策略下，此脚本不应运行。但它确实运行了。那是为什么？

https://gallery.technet.microsoft.com/scriptcenter/Get-Type-Get-exported-fee19cf7

Windows因为Zone.Identifier ADS而知道它来自Internet。

PS H:\src\test> Get-Item .\Get-Type.ps1 -Stream *

PSPath        : Microsoft.PowerShell.Core\FileSystem::H:\src\test\Get-Type.ps1::$DATA
PSParentPath  : Microsoft.PowerShell.Core\FileSystem::H:\src\test
PSChildName   : Get-Type.ps1::$DATA
PSDrive       : H
PSProvider    : Microsoft.PowerShell.Core\FileSystem
PSIsContainer : False
FileName      : H:\src\test\Get-Type.ps1
Stream        : :$DATA
Length        : 4631

PSPath        : Microsoft.PowerShell.Core\FileSystem::H:\src\test\Get-Type.ps1:Zone.Identifier
PSParentPath  : Microsoft.PowerShell.Core\FileSystem::H:\src\test
PSChildName   : Get-Type.ps1:Zone.Identifier
PSDrive       : H
PSProvider    : Microsoft.PowerShell.Core\FileSystem
PSIsContainer : False
FileName      : H:\src\test\Get-Type.ps1
Stream        : Zone.Identifier
Length        : 26

PS H:\src\test> Get-Content .\Get-Type.ps1 -Stream Zone.Identifier
[ZoneTransfer]
ZoneId=3

我的执行策略设置为RemoteSigned，但可以正确加载该函数。为什么这不会产生错误？

PS H:\src\test> Get-ExecutionPolicy -List

        Scope ExecutionPolicy
        ----- ---------------
MachinePolicy       Undefined
   UserPolicy       Undefined
      Process       Undefined
  CurrentUser       Undefined
 LocalMachine    RemoteSigned

PS H:\src\test> . .\Get-Type.ps1
PS H:\src\test>
PS H:\src\test> $PSVersionTable

Name                           Value
----                           -----
PSVersion                      5.1.14409.1012
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.14409.1012
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

编辑1

这似乎在5.1.16299.98上按预期工作。

C:>. .\Get-Type.ps1
. : File C:\src\gt\Get-Type.ps1 cannot be loaded. The file C:\src\gt\Get-Type.ps1 is not digitally signed. You cannot run
this script on the current system. For more information about running scripts and setting execution policy, see
about_Execution_Policies at https:/go.microsoft.com/fwlink/?LinkID=135170.
At line:1 char:3
+ . .\Get-Type.ps1
+   ~~~~~~~~~~~~~~
    + CategoryInfo          : SecurityError: (:) [], PSSecurityException
    + FullyQualifiedErrorId : UnauthorizedAccess
PS 11:13  C:\src\gt
C:>$PSVersionTable

Name                           Value
----                           -----
PSVersion                      5.1.16299.98
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.16299.98
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1