Unblock a file with PowerShell?

前端未结

关注

 13  1754

野性不改

I am trying to have PowerShell unblock a file in Win2K8 R2.

Does anyone have a pointer as to the syntax?

相关标签:

13条回答

自闭症患者

2020-12-08 02:59
Oneliner to remove zone informarion(inspired by accepted answer) for all children (with correct quoting).
```
get-childitem -rec | % { cmd /c "echo.>""$($_.FullName)"":Zone.Identifier" }
```
Not strictly answer to the question, just want to make sure when I next come up with this problem there is solution already :).

PS. Works in PS 2.0
0 讨论(0)
发布评论:

提交评论
- 加载中...
北海茫月

2020-12-08 02:59
I haven't seen any answer yet that seems to use the proper powershell cmdlets to do this.

Here we can find DLLs in the current folder that contain the zone.identifier:
```
Get-Item -Path .\*.dll -stream * | where {$_.Stream -eq "Zone.Identifier" }
```
Here we zap just only the unwanted streams, unlike some answers above that might damage other streams:
```
Remove-Item  -Path .\*.dll -stream Zone.Identifier
```
0 讨论(0)
发布评论:

提交评论
- 加载中...
难免孤独

2020-12-08 03:00
If you server does not have Powershell > v3 ($PSVersionTable.PSVersion.Major -ge 3). Then use good old reliable DOS:
```
for /f "tokens=*" %f in ('dir /b *.*') do echo.>"%f":Zone.Identifier 
```
0 讨论(0)
发布评论:

提交评论
- 加载中...
遇见更好的自我

2020-12-08 03:02
I'll have to amend @Mike 's answer: this won't work if there are spaces in $_.FullName (e.g. like in "C:\Program Files") so it has to be:
```
get-childitem -rec | % { cmd /c "echo.>""$($_.FullName)"":Zone.Identifier" }
```
0 讨论(0)
发布评论:

提交评论
- 加载中...
礼貌的吻别

2020-12-08 03:06

I wrote a little function that uses the Win32 API to delete the Zone.Identifier NTFS alternate data stream which is what Windows uses to determine whether a file is to be blocked.

.NET doesn't have access to alternate data streams so the function uses a technique called platform invoking to call the native Win32 API. The benefit of this over the some other solutions for PowerShell is that it supports the PowerShell pipeline so you can pipe a list of file paths or System.IO.FileInfo objects to the function. The function also doesn't have any external dependencies and actually deletes the alternate data stream instead of just deleting it's contents.

http://andyarismendi.blogspot.com/2012/02/unblocking-files-with-powershell.html

0 讨论(0)
发布评论:

提交评论
- 加载中...
梦如初夏

2020-12-08 03:10
If you are using PowerShell v3, you can use the Unblock-File cmdlet.

The "blocking" part is simply an alternate data stream of the file, named "Zone.Identifier". You can display it in CMD by using input redirection (no other way to get to a stream in CMD, though):
```
H:\Downloads> more < test.exe:Zone.Identifier
[ZoneTransfer]
ZoneId=3
```
You can find them using dir /r on Windows Vista and later:
```
2009-10-24  12:18        54.538.056 test.exe
                                 24 test.exe:Zone.Identifier:$DATA
```
Also in CMD you can easily get rid of that by overwriting it (using output redirection, this time):
```
echo.>myDownloadedFile.exe:Zone.Identifier
```
which isn't quite the same as removing the ADS completely, but works in that Explorer doesn't complain anymore.

There doesn't seem to be native support for handling ADS from within PowerShell (as mentioned on The PowerShell Guy's blog here. That article also has some information how to get that functionality in PowerShell). You could, however, simply call cmd:
```
cmd /c "echo.>test.exe:Zone.Identifier"
```
That works from PowerShell as well.

Another option would be Mark Russinovich's streams utility which allows you to inspect a file's ADS and also to delete them. So
```
streams -d myDownloadedFile.exe
```
does work as well.
0 讨论(0)
发布评论:

提交评论
- 加载中...

1 2 3 下一页