Windows Server

How to set Execution Policy via Windows PowerShell

Christianby
Leave a Comment on How to set Execution Policy via Windows PowerShell

PowerShell is configured to prevent the execution of PowerShell scripts on Windows systems by default. The PowerShell execution policy is a safety feature implemented to control the various conditions under which PowerShell loads configuration files and runs scripts. This feature helps prevent the execution of malicious scripts. In order to run and execute scripts, one of the following values must be taken into consideration. In this guide, you will learn how to set Execution Policy via Windows PowerShell. Please see How to install and update PowerShell version 7 on Windows and Linux, and how to determine the execution policy configured on Windows PC.

See this guide on how this is done “how to set the PowerShell Execution Policy via the Windows Registry settings“. You may also find this article interesting “How to Set Execution Policy via Windows Settings“.

PowerShell Policies

Below are the various values of policies that exist. 

  • AllSigned: This runs the only script that is signed by a trusted publisher only. 
  • ByPass: Configured to permit a certain script to run
  • Default: By default, the Execution Policy is set to restricted for Windows devices and for server, it is RemoteSigned. 
  • RemoteSgned: The script must be signed by a trusted publisher before they are permitted to run.  Scripts that you run from the local computer don’t need to be signed. There are no prompts when you attempt to run a script. 
  • Restricted: In this mode, no PowerShell script is allowed to run on the device.  
  • Unrestricted: In this mode, regardless of where they are created or downloaded from, these scripts are run on the devices. 
  • Undefined (No execution policy): This value does not have the execution policy set. The effective execution policy is Restricted, which is the default execution policy.   

PowerShell Scope

This specifies the scope that the execution policy is run on. The Execution Policy can be run and set in various scopes as shown below. The effective execution policy is determined by the order of precedence as follows. See the screenshot below for more information.

  • MachinePolicy 
  • LocalMachine 
  • Process
  • UserPolicy
  • CurrentUser 

Open PowerShell (This is usually advisable to be run in Admin mode). Type the following command and press the Enter key

- Get-ExecutionPolicy -List 

To view the current policy, use

Get-ExecutionPolicy

Set PowerShell Execution Policy 

The Set-ExecutionPolicy cmdlet changes PowerShell execution policies for Windows computers. Here is how to see the PowerShell Execution Policy. 

Type the following command and press the Enter key
- Set-ExecutionPolicy Unrestricted

Please see How to Scan Your Code by Integrating SonarCloud into your GitHub Repository, how to Move Azure Resources between Subscriptions, and How to Install SASS on VsCode.

Note: When you hit enter after the prompt, you can select any of the options as follow; by selecting yes, or Yes to All or No. When you hit enter without choosing a value, the No (Nien switch) is selected automatically and the script will not run. Pay close attention to the script below as the position was taken by default and this was set to unrestricted.

Note: Set-ExecutionPolicy doesn’t change the MachinePolicy and UserPolicy scopes because they are set by Group Policies. The Set-ExecutionPolicy doesn’t override a Group Policy, even if the user preference is more restrictive than the policy.

Here is an example of how to set an execution policy to unrestricted and this will permit all scripts to be run on the device.

An example here which is also a best practice measure is to allow the script testwsus.ps1 to run only in order not to set the global execution policy to unrestricted as shown below.  

Set-ExecutionPolicy Bypass -File .\testwsus.ps1

If you don´t want to set this parameter for the entire system you are able to start a PowerShell session in unrestricted mode. 

set-executionpolicy unrestricted -command .\testwsus.ps1

Please see how to Configuring DHCP Scope: Post-deployment of Dynamic Host Configuration Protocol, How to work with Microsoft Blackboard via private or commercial account, How to Clone a Virtual Machine via Export and Import and Copying the Virtual Hard Disk on Hyper-V, how to Enable Internet Explorer Mode in Edge in Windows 11, and how to protect your Windows PC from potentially unwanted applications.

Set PowerShell Execution Policy via a script

Below is a PowerShell script that is capable of changing the execution policy. Kindly save it in the following format and run it as an administrator. With the script below, we can define the execution policy of our choice. The script will then check if it matches the current execution policy. If not, the execution policy will be changed.

$Policy = "RemoteSigned" 
If ((Get-ExecutionPolicy) -ne $Policy) {    
 Set-ExecutionPolicy $Policy -Force   
Exit
}

I hope you found this blog post helpful on how to set Execution Policy via Windows PowerShell. If you have any questions, please let me know in the comment session.

Subscribe
Notify of
guest

0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x