2

My question is not about how to run the scripts with double click!
I'm curious about the reason of such behavior.
The .bat, .cmd, .vbs, .exe, and many others runs with the double-click, but .ps1 not, why?

Improve this question
1
  • 2
    Because it's extension is not associated with a shell or interpreter. You can either create a shortcut, or associate ps1 with powershell. Commented Jul 21, 2020 at 6:01

1 Answer 1

Reset to default
8

The reason to associate .ps1 with Notepad is about security.

Back in the days, Microsoft got burned really bad because of associations' default actions. Per default, Windows' file manager (later known as File Explorer) aimed at easy usage. It didn't show file extensions. That is, MyResume.doc was shown in the default Explorer list as simply MyResume - and it often had a Word icon too.

While this was convenient a way to save screen real estate, it offered a wonderful way to exploit systems. A lot of users simply double-clicked files based on their names and icons. Now, crackers started to send around files that had double extension like MyResume.doc.vbs. Explorer's default action was to strip the .vbs, which meant that the file actually was Visual Basic Scripting file. Since Windows associated .vbs to Windows Scripting Host, the script file was executed with user permissions. To prevent this attack vector, Powershell files are not associated with powershell.exe per default.

Famous cases of extension exploits are the love letter ILOVEYOU and promise of adult content about Anna Kournikova.

Another can of worms (sorry for the horrible pun) are Windows screen saver files. The .scr files are really just executables. A lot of users were fooled to install backdoors to systems, as they didn't understand risks of installing screensavers. This was further exploited by sending files that had extensions not matching the payload, and relying that OS still picked the proper application association.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Good explanation, sounds logical to me. But it still a strange measure, it solves the "problem" just for powershell, but all the other scripts/executables can be double-clicked by the user... so the "crackers" can make a cmd/vbs/etc. file that writes a ps1 file and execute it...
@Sososlik That's the curse of backwards compatibility. When MS presented a lot of breaking security changes in Vista (UAC, filesystem and registry virtualization, no more interactive access from services and so on), the users were not amused. Maybe one day VBS is not enabled per default anymore, and then the attack vector is no longer valid.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.