PowerShell is configured to prevent the execution of PowerShell scripts on Windows systems by default. The PowerShell execution policy is a safety feature that controls the conditions under which PowerShell loads configuration files and runs scripts. This feature helps prevent the execution of malicious scripts. In order to run scripts, one of the following values must be taken into consideration. To see how this is done via the registry, see https://techdirectarchive.com/2020/02/04/how-to-set-the-powershell-execution-policy-via-the-registry-settings/
Below are the policy values that exist.
- AllSigned: Runs only scripts that are signed by a trusted publisher.
- Bypass: Configured to permit a certain script to run.
- Default: By default, the execution policy is set to Restricted for Windows devices; for servers, it is RemoteSigned.
- RemoteSigned: Downloaded scripts must be signed by a trusted publisher before they are permitted to run. Scripts that you run from the local computer don’t need to be signed. There are no prompts when you attempt to run a script.
- Restricted: In this mode, no PowerShell script is allowed to run on the device.
- Unrestricted: In this mode, scripts are run on the device regardless of where they were created or downloaded from.
- Undefined (No execution policy): This value does not have the execution policy set. The effective execution policy is Restricted, which is the default execution policy.
Scope: This specifies the scope that the execution policy applies to. The execution policy can be set in various scopes, as shown below. The effective execution policy is determined by the order of precedence. See the screenshot below for more information.
Open PowerShell (it is usually advisable to run it in Admin mode).
Type the following command and press the Enter key:
Get-ExecutionPolicy -List
To view the current policy, use:
Get-ExecutionPolicy
The Set-ExecutionPolicy cmdlet changes PowerShell execution policies for Windows computers. Here is how to set the PowerShell execution policy.
Type the following command and press the Enter key:
Set-ExecutionPolicy Unrestricted
Note: When you hit Enter, a prompt appears and you can select any of the following options: Yes, Yes to All, or No. When you hit Enter without choosing a value, No (the "Nein" switch) is selected automatically and the script will not run. Pay close attention to the prompt below: the default position was taken, and the policy was then set to Unrestricted.
Note: Set-ExecutionPolicy doesn’t change the MachinePolicy and UserPolicy scopes because they are set by Group Policies. The Set-ExecutionPolicy doesn’t override a Group Policy, even if the user preference is more restrictive than the policy.
Here is an example of how to set the execution policy to Unrestricted. This will permit all scripts to be run on the device.
As a best-practice measure, allow only the script testwsus.ps1 to run rather than setting the global execution policy to Unrestricted, as shown below.
powershell.exe -ExecutionPolicy Bypass -File .\testwsus.ps1
If you don't want to set this parameter for the entire system, you can start a PowerShell session in unrestricted mode.
powershell.exe -ExecutionPolicy Unrestricted -Command .\testwsus.ps1
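
The following is an added example, not part of the original article. It walks the scope list described above to show which scope decides the effective policy and whether that scope is controlled by Group Policy. The function name Get-ExecutionPolicyReport is hypothetical, and treating Unrestricted and Bypass as "permissive" is an assumption of this example.

```powershell
# Added example (not from the original article). Function name is hypothetical.
function Get-ExecutionPolicyReport {
    [CmdletBinding()]
    param(
        # Values this audit treats as permissive (an assumption of the example).
        [string[]]$Permissive = @('Unrestricted', 'Bypass')
    )

    # One object per scope, already in precedence order:
    # MachinePolicy, UserPolicy, Process, CurrentUser, LocalMachine.
    $scopes = Get-ExecutionPolicy -List

    # The first scope whose value is not Undefined decides the effective policy.
    $winner = $scopes |
        Where-Object { "$($_.ExecutionPolicy)" -ne 'Undefined' } |
        Select-Object -First 1

    foreach ($s in $scopes) {
        $scopeName  = "$($s.Scope)"
        $policyName = "$($s.ExecutionPolicy)"
        $isGpo      = $scopeName -in @('MachinePolicy', 'UserPolicy')
        $isOpen     = $policyName -in $Permissive

        # Permissive values stored in CurrentUser or LocalMachine persist
        # across sessions; Process scope ends with the session.
        if ($isOpen -and $scopeName -in @('CurrentUser', 'LocalMachine')) {
            Write-Warning "$scopeName is persistently set to $policyName"
        }

        [pscustomobject]@{
            Scope         = $scopeName
            Policy        = $policyName
            SetByGroupPol = $isGpo
            Effective     = ($null -ne $winner -and $scopeName -eq "$($winner.Scope)")
        }
    }

    if ($null -eq $winner) {
        # Every scope is Undefined, so the built-in default applies.
        Write-Verbose "No scope sets a policy; default in effect: $(Get-ExecutionPolicy)"
    }
}

Get-ExecutionPolicyReport | Format-Table -AutoSize
```

If the row marked Effective is MachinePolicy or UserPolicy, running Set-ExecutionPolicy will not change the outcome, which matches the Group Policy note above.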