35

I am trying to have PowerShell unblock a file in Win2K8 R2.

Does anyone have a pointer as to the syntax?

Ruben Bartelink
  • 59,778
  • 26
  • 187
  • 249
Daniel Elliott
  • 22,647
  • 10
  • 64
  • 82

13 Answers13

50

If you are using PowerShell v3, you can use the Unblock-File cmdlet.

The "blocking" part is simply an alternate data stream of the file, named "Zone.Identifier". You can display it in CMD by using input redirection (no other way to get to a stream in CMD, though):

H:\Downloads> more < test.exe:Zone.Identifier
[ZoneTransfer]
ZoneId=3

You can find them using dir /r on Windows Vista and later:

2009-10-24  12:18        54.538.056 test.exe
                                 24 test.exe:Zone.Identifier:$DATA

Also in CMD you can easily get rid of that by overwriting it (using output redirection, this time):

echo.>myDownloadedFile.exe:Zone.Identifier

which isn't quite the same as removing the ADS completely, but works in that Explorer doesn't complain anymore.

There doesn't seem to be native support for handling ADS from within PowerShell (as mentioned on The PowerShell Guy's blog here. That article also has some information how to get that functionality in PowerShell). You could, however, simply call cmd:

cmd /c "echo.>test.exe:Zone.Identifier"

That works from PowerShell as well.

Another option would be Mark Russinovich's streams utility which allows you to inspect a file's ADS and also to delete them. So

streams -d myDownloadedFile.exe

does work as well.

Cristian Ciupitu
  • 20,270
  • 7
  • 50
  • 76
Joey
  • 344,408
  • 85
  • 689
  • 683
  • 3
    I felt @Geert's pain that this post didnt make it explicit that it's as simple as `\\live.sysinternals.com\tools\streams -d myDownloadedFile.exe` (inspired by [http://www.hanselman.com/blog/RemovingSecurityFromDownloadedPowerShellScriptsWithAlternativeDataStreams.aspx](Hanselmans summary) – Ruben Bartelink Oct 13 '11 at 08:30
  • 3
    FYI - Powershell 3 adds this finally via the Unblock-File cmdlet - http://technet.microsoft.com/en-us/library/hh849924.aspx – Ethan J. Brown Apr 27 '12 at 13:56
  • 1
    Use this to flush a wipe-out-this-crap all the way down a folder structure -- for /F %a in ('dir /r/b/s') do @echo .>%a:Zone.Identifier:$DATA – Luke Puplett Jun 28 '12 at 10:31
  • Luke, the question was how to unblock *one* file, not everything below the current directory. This one would still need `cmd /c` from PowerShell as well. Besides, while `dir /r` displays the ADS all of this is lost with `/b` anyway so you don't need the additional problems of using `for /f` to iterate over `dir` output. E.g. your code fails for files with Unicode names and for names with spaces. All in all a fairly poor solution for the question. – Joey Jun 28 '12 at 10:35
  • here a one liner to unblock: `get-childitem -rec | Unblock-File` – Tilo Nov 25 '15 at 00:21
  • PowerShell 1+ can use this pinvoke method: http://andyarismendi.blogspot.com.au/2012/02/unblocking-files-with-powershell.html, which is the same code used by Pash in the opensourced Powershell 3+ repository on GitHub (I checked!) – OzBob Dec 14 '16 at 04:13
  • @OzBob: I wasn't even aware that Pash had that functionality, besides it's no longer maintained since PowerShell has been open-sourced. – Joey Dec 14 '16 at 07:08
9

The PoshCode module includes Set-DownloadFlag and Remove-DownloadFlag functions which work as advertised. :) I've just pulled that piece out into it's own script contribution http://poshcode.org/1430 ... it will work on PowerShell 1 too, if you use the New-Type function in place of Add-Type ( http://poshcode.org/720 )

Jaykul
  • 15,370
  • 8
  • 61
  • 70
5

Oneliner to remove zone informarion(inspired by accepted answer) for all children (with correct quoting).

get-childitem -rec | % { cmd /c "echo.>""$($_.FullName)"":Zone.Identifier" }

Not strictly answer to the question, just want to make sure when I next come up with this problem there is solution already :).

PS. Works in PS 2.0

Community
  • 1
  • 1
Mike Chaliy
  • 25,801
  • 18
  • 67
  • 105
  • 1
    Note: DOES NOT WORK in PS2.0 – user1106405 May 12 '15 at 20:42
  • 1
    Server2008 R2 $host.version.tostring() -eq '2.0' True Set-Executionpolicy 'Bypass' then go get-childitem -rec | % { cmd /c "echo.>""$($_.FullName)"":Zone.Identifier" } did the job –  Jan 25 '17 at 14:59
4

new to posting in forums like this and this might be an old topic but here is what you are looking for.

get-item -Path "path to file(s)" -Stream "Zone.Identifier" -ErrorAction "SilentlyContinue"

This should list out files that are blocked only.

Unblock-File -Path "Path to blocked file(s)"

This will unblock them.

Parrish
  • 159
  • 5
4

To unblock a folder and it's subfolder recursive (>= PowerShell v3) you can use the Get-ChildItem (gci) command:

Get-ChildItem "C:\Temp\" -recurse | Unblock-File

where C:\Temp is the starting folder.

Bruno Bieri
  • 9,724
  • 11
  • 63
  • 92
1

Remove the alternate file stream using Streams.exe see this post: http://www.paraesthesia.com/archive/2010/05/19/unblocking-multiple-files-at-once.aspx

Geert
  • 520
  • 4
  • 4
1

I wrote a little function that uses the Win32 API to delete the Zone.Identifier NTFS alternate data stream which is what Windows uses to determine whether a file is to be blocked.

.NET doesn't have access to alternate data streams so the function uses a technique called platform invoking to call the native Win32 API. The benefit of this over the some other solutions for PowerShell is that it supports the PowerShell pipeline so you can pipe a list of file paths or System.IO.FileInfo objects to the function. The function also doesn't have any external dependencies and actually deletes the alternate data stream instead of just deleting it's contents.

http://andyarismendi.blogspot.com/2012/02/unblocking-files-with-powershell.html

Andy Arismendi
  • 50,577
  • 16
  • 107
  • 124
  • The code posted at this link does not include a license statement. Would you be willing add one to clarify how it may be used? Thanks – Kyle Duncan Feb 04 '19 at 13:30
0

I'll have to amend @Mike 's answer: this won't work if there are spaces in $_.FullName (e.g. like in "C:\Program Files") so it has to be:

get-childitem -rec | % { cmd /c "echo.>""$($_.FullName)"":Zone.Identifier" }
techguy1029
  • 743
  • 10
  • 29
Adam
  • 63
  • 5
0

I haven't seen any answer yet that seems to use the proper powershell cmdlets to do this.

Here we can find DLLs in the current folder that contain the zone.identifier:

Get-Item -Path .\*.dll -stream * | where {$_.Stream -eq "Zone.Identifier" }

Here we zap just only the unwanted streams, unlike some answers above that might damage other streams:

Remove-Item  -Path .\*.dll -stream Zone.Identifier
Warren P
  • 65,725
  • 40
  • 181
  • 316
  • 1
    Remove-Item "-streams" introduced in PS3 https://msdn.microsoft.com/powershell/reference/4.0/microsoft.powershell.core/providers/FileSystem-Provider/Remove-Item-for-FileSystem – OzBob Jul 19 '17 at 08:04
0

If you are using PowerShell 3.0 or above vesion, Unblock-file PowerShell cmdlet should solve this problem with unblocking the file, even though if you don't have unblock button on the file properties window.

The Unblock-File cmdlet lets you open files that were downloaded from the Internet. It unblocks Windows PowerShell script files that were downloaded from the Internet so you can run them, even when the Windows PowerShell execution policy is RemoteSigned. By default, these files are blocked to protect the computer from untrusted files.

Just open the powerShell window and follow below syntax. To find more information about the syntax go to here

Example :

unblock-file -path C:\Downloads\MyFileName.chm

Unblock file with PowerShell screen shot

Warning: Do not unblock unsecure files.

Dinch
  • 548
  • 4
  • 9
  • Hi @Chaithanya, I have link for the unblock-file and added an image. which kind of explanation should I add more. Do you mean how to open PowerShell window? – Dinch Mar 24 '17 at 17:33
  • Hello Dinch, I meant to ask for adding some context to the answer, like some sort of explanation of what that code does, and as such. Please take a look [here](http://stackoverflow.com/help/how-to-answer) for more information on best practices for answering on SO. – Chait Mar 24 '17 at 19:42
  • Updated. How this sounds now? – Dinch Mar 24 '17 at 22:26
  • The Unblock-File command was released in powershell version 3. OP specifically asked for a solution in powershell version 2. – Ro Yo Mi Jul 30 '18 at 13:19
0

If you server does not have Powershell > v3 ($PSVersionTable.PSVersion.Major -ge 3). Then use good old reliable DOS:

for /f "tokens=*" %f in ('dir /b *.*') do echo.>"%f":Zone.Identifier
OzBob
  • 4,227
  • 1
  • 39
  • 48
0

You can search for blocked files like this:

get-item * -stream zone*

Then to unblock the files, pipe that to remove-item or "rm" to delete the zone.identifier streams:

get-item * -stream zone* | Remove-Item

In case you want recursive search:

get-childitem -recurse | get-item -stream zone*
js2010
  • 23,033
  • 6
  • 64
  • 66
-1

Do you mean this:

set-executionpolicy remotesigned

This will allow you to execute local scripts without them being signed, and remote ones if they are signed. More info available here.

Kent Boogaart
  • 175,602
  • 35
  • 392
  • 393
  • 2
    Not quite Kent. Looking to do the scripting equivalent of right click on file in explorer and choosing unblock. +1'ed though as I can see folks arriving here needing exactly that – Daniel Elliott Oct 24 '09 at 09:53
  • This was the hint that I needet. Thank You. The warning-message when executing a script from another host demanded the "unblock-file" method, which does not solve my problem. – Tobias Otto Sep 25 '19 at 07:52