Gandraw

I would like to use Powershell for my unattended installs because of some useful features like XML parsing and WMI queries that are really painful to do in batch files. But then you run into a problem that Windows seems to dislike running unsigned ps1 scripts. Now of course, you can fix that even in unattended installs by running powershell Set-ExecutionPolicy RemoteSigned -force in an administrator context in RunSynchronous at some point which will make the scripts run just fine. But I'm wondering whether it's a good idea to just blanket-enable Powershell scripts. On one hand, I believe that there must have been a reason for Microsoft to disable them by default and I don't just want to go around that without considering the effects. On the other hand, I really cannot imagine what that reason might be. Sure you can do all kinds of malicious stuff to the current user with scripts, but everything nasty you can do in Powershell you could also do in Batch or VBS files, which have none of the security measures. And UAC again applies to all these scripting languages the same way, so even if you switch the executionpolicy off you still cannot modify system files without UAC confirmation. So I'm thinking the Powershell signing is just a feel-good measure required by some Microsoft manager that has no real-world usefulness. Any thoughts about this?