Execution Policy Confusion

I installed Posh-SSH external module in order to script some SFTP uploads. When I have my execution policy set to AllSigned the commands in this module will not run. The error says to run ‘Import-Module Posh-SSH’. When I do this it gives me errors about various files not being signed. If I change my execution policy to RemoteSigned everything works just fine.

The module was downloaded from the internet and thus I would think everything in it would be considered remote. Thus I am confused as to why it won’t run under the AllSigned execution policy. If it runs under RemoteSigned then it is digitally signed so why won’t it run under Allsigned?

PS C:\Windows\system32> New-SFTPSession -ComputerName $FTPServer -Credential $cred
New-SFTPSession : The 'New-SFTPSession' command was found in the module 'Posh-SSH', but the module could not be loaded. For more information, run 'Import-Module 
At line:1 char:1
+ New-SFTPSession -ComputerName $FTPServer -Credential $cred
+ ~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (New-SFTPSession:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CouldNotAutoloadMatchingModule

PS C:\Windows\system32> Set-ExecutionPolicy RemoteSigned

PS C:\Windows\system32> New-SFTPSession -ComputerName $FTPServer -Credential $cred

SessionId  Host                                                                               Connected                                                                  
---------  ----                                                                               ---------                                                                  
    0      vault.ftpserver...                                                                   True   
PS C:\Windows\system32> $PSVersionTable

Name                           Value                                                                                                                                     
----                           -----                                                                                                                                     
PSVersion                      5.0.10586.117                                                                                                                             
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}                                                                                                                   
BuildVersion                   10.0.10586.117                                                                                                                            
CLRVersion                     4.0.30319.42000                                                                                                                           
WSManStackVersion              3.0                                                                                                                                       
PSRemotingProtocolVersion      2.3                                                                                                                                       

Under AllSigned, the module must be signed. Period. Regardless of origin.

RemoteSigned requires that only “remote” scripts be signed. Because you downloaded the module, it now lives locally, and is not “remote.” Only certain download mechanisms would preserve the “remote” flag in downloaded content.

So it is not, in fact, digitally signed, which you can verify by opening the module’s .psm1 file and looking at the bottom. There won’t be a bunch of gibberish, which is the cryptographic signature.