PowerShell Commands

Unblock-File

Unblock-File [-Confirm] -LiteralPath* <String[]> [-WhatIf] [<CommonParameters>]
Unblock-File [-Path*] <String[]> [-Confirm] [-WhatIf] [<CommonParameters>]

The Unblock-File cmdlet lets you open files that were downloaded from the Internet. It unblocks Windows PowerShell script files that were downloaded from the Internet so you can run them, even when the Windows PowerShell execution policy is RemoteSigned . By default, these files are blocked to protect the computer from untrusted files.

Before using the Unblock-File cmdlet, review the file and its source and verify that it is safe to open.

Internally, the Unblock-File cmdlet removes the Zone.Identifier alternate data stream, which has a value of "3" to indicate that it was downloaded from the Internet.

For more information about Windows PowerShell execution policies, see about_Execution_Policies (http://go.microsoft.com/fwlink/?LinkID=135170).

This cmdlet was introduced in Windows PowerShell 3.0.

Parameters

-Confirm [<SwitchParameter>]

  • Default value is False
  • Accepts pipeline input False

Prompts you for confirmation before running the cmdlet.

-LiteralPath <String[]>

  • This value is required
  • Default value is None
  • Accepts pipeline input ByPropertyName

Specifies the files to unblock. Unlike Path , the value of the LiteralPath parameter is used exactly as it is typed. No characters are interpreted as wildcards. If the path includes escape characters, enclose it in single quotation marks. Single quotation marks tell Windows PowerShell not to interpret any characters as escape sequences.

-Path <String[]>

  • This value is required
  • Default value is None
  • Accepts pipeline input False

Specifies the files to unblock. Wildcard characters are supported.

-WhatIf [<SwitchParameter>]

  • Default value is False
  • Accepts pipeline input False

Shows what would happen if the cmdlet runs. The cmdlet is not run.

<CommonParameters>

This cmdlet supports the common parameters: Verbose, Debug,ErrorAction, ErrorVariable, WarningAction, WarningVariable,OutBuffer, PipelineVariable, and OutVariable.

Inputs
System.String
You can pipe a file path to Unblock-File .
Outputs
None
This cmdlet does not generate any output.
Examples
  1. Unblock a file:
    PS C:\> Unblock-File -Path C:\Users\User01\Documents\Downloads\PowerShellTips.chm
    

    This command unblocks the PowerShellTips.chm file.

  2. Unblock multiple files:
    PS C:\> dir C:\Downloads\*PowerShell* | Unblock-File
    

    This command unblocks all of the files in the C:\Downloads directory whose names include "PowerShell". Do not run a command like this one until you have verified that all files are safe.

  3. Find and unblock scripts:
    1. The first command uses the *Stream* parameter of the Get-Item cmdlet get files with the Zone.Identifier stream.Although you could pipe the output directly to the **Unblock-File** cmdlet (Get-Item * -Stream "Zone.Identifier" -ErrorAction SilentlyContinue | ForEach {Unblock-File $_.FileName}), it is prudent to review the file and confirm that it is safe before unblocking.:
      PS C:\> Get-Item * -Stream "Zone.Identifier" -ErrorAction SilentlyContinue
      
            FileName: C:\ps-test\Start-ActivityTracker.ps1
         Stream                   Length
         ------                   ------
         Zone.Identifier              26

      The first command uses the *Stream* parameter of the Get-Item cmdlet get files with the Zone.Identifier stream.Although you could pipe the output directly to the **Unblock-File** cmdlet (Get-Item * -Stream "Zone.Identifier" -ErrorAction SilentlyContinue | ForEach {Unblock-File $_.FileName}), it is prudent to review the file and confirm that it is safe before unblocking.

    2. The second command shows what happens when you run a blocked script in a Windows PowerShell session in which the execution policy is **RemoteSigned**:
      PS C:\> C:\ps-test\Start-ActivityTracker.ps1
      c:\ps-test\Start-ActivityTracker.ps1 : File c:\ps-test\Start-ActivityTracker.ps1 cannot
      be loaded. The file c:\ps-test\Start-ActivityTracker.ps1 is not digitally signed. The script
      will not execute on the system. For more information, see about_Execution_Policies at
      http://go.microsoft.com/fwlink/?LinkID=135170.
      At line:1 char:1
      + c:\ps-test\Start-ActivityTracker.ps1
      + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
             + CategoryInfo          : SecurityError: (:) [], PSSecurityException
             + FullyQualifiedErrorId : UnauthorizedAccess

      The RemoteSigned policy prevents you from running scripts that are downloaded from the Internet unless they are digitally signed.

    3. The third command uses the **Unblock-File** cmdlet to unblock the script so it can run in the session:
      PS C:\> Get-Item C:\ps-test\Start-ActivityTracker.ps1 | Unblock-File
      

      This command shows how to find and unblock Windows PowerShell scripts.

Additional Notes
 The Unblock-File * cmdlet works only in file system drives.  Unblock-File performs the same operation as the 
 Unblock button on the Properties * dialog box in File Explorer. If you use the Unblock-File * cmdlet on a file 
 that is not blocked, the command has no effect on the unblocked file and the cmdlet does not generate errors.

This work is licensed under a Creative Commons Attribution 4.0 International. It is attributed to Microsoft Corporation and can be found here.

PowerShell Commands