What is PowerShell ExecutionPolicy?
ExecutionPolicy in PowerShell is a security feature that controls how PowerShell loads configuration files and runs scripts. The ExecutionPolicy feature helps prevent PowerShell from running malicious scripts.
You can set Execution Policy for a computer, a user or a session. The Set-ExecutionPolicy cmdlet can be used to set ExecutionPolicy. The PowerShell.exe command also has an ExecutionPolicy parameter that you can use to set the PowerShell ExecutionPolicy.
In this guide you will learn about the different types of PowerShell Execution Policies. You will also learn how to use Set-ExecutionPolicy and PowerShell.exe -ExecutionPolicy commands.
Available Execution Policies
This section explains the different Execution Policies you can set in PowerShell and what each will allow you to do.
With Restricted ExecutionPolicy:
- This is the default execution policy in Windows 8, Server 2012 and above.
- Prevents PowerShell configuration files (.ps1xml), module script files (.psm1), and Windows PowerShell profiles (.ps1) from executing
- Allows individual PowerShell commands but denies scripts
When you set AllSigned ExecutionPolicy, PowerShell:
- Runs all scripts
- Requires that before a script is permitted to run it must be signed by a trusted publisher. This includes scripts written on the local computer
- Prompts to confirm before running a script from a publisher you have not confirmed is trusted
- May run signed but malicious code
With RemoteSigned ExecutionPolicy:
- Allows scripts to run
- Requires that all scripts downloaded from the Internet must be digitally signed by a publisher you specified as trusted. This includes scripts received via email and instant messaging platforms.
- Will not require digital signing of scripts written on a local computer
- May allow running of malicious scripts from other sources
With Unrestricted ExecutionPolicy:
- Allows unsigned scripts to execute
- Will warn you before executing a script from the internet
- Risks running malicious code or scripts
With Bypass ExecutionPolicy:
- No script is blocked, and no warnings are shown.
With Undefined ExecutionPolicy:
- Means no ExecutionPolicy is defined
- The effective ExecutionPolicy is Restricted (default)
ExecutionPolicy Scope and Precedence
You can apply PowerShell Execution Policy to:
LocalMachine: Affects only the current users. This has the least precedence.
CurrentUser: The Execution Policy affects only the current user. Takes precedence over LocalMachine but has lower precedence than Process.
Process: Applies only to the current session. Takes the highest precedence.
How to Get Current PowerShell ExecutionPolicy
To see the current PowerShell ExecutionPolicy run the command below:
To see the ExecutionPolicy set for all Scopes use this command:
You can also get Execution Policy based on scope. Here are some sample commands:
Get-ExecutionPolicy -Scope CurrentUser
Get-ExecutionPolicy -Scope LocalMachine
Get-ExecutionPolicy -Scope Process
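The precedence rules above can be checked in one pass over the per-scope listing. This is an added example, not code from the original guide: `Resolve-EffectivePolicy` is a hypothetical helper name, the sample values are constructed, and the `MachinePolicy` and `UserPolicy` rows are the two Group Policy scopes that `Get-ExecutionPolicy -List` returns ahead of the three scopes covered here.

```powershell
# Added example, not from the original guide: resolve which scope decides the
# effective policy, using the per-scope objects from Get-ExecutionPolicy -List.
function Resolve-EffectivePolicy {
    param([Parameter(Mandatory)] [object[]] $PolicyList)

    # Highest precedence first. The two Group Policy scopes come before the
    # three scopes the guide covers.
    $precedence = 'MachinePolicy', 'UserPolicy', 'Process', 'CurrentUser', 'LocalMachine'
    $winner = $null
    $masked = @()
    foreach ($scope in $precedence) {
        $entry = $PolicyList | Where-Object { "$($_.Scope)" -eq $scope } |
            Select-Object -First 1
        if (-not $entry -or "$($entry.ExecutionPolicy)" -eq 'Undefined') { continue }
        if (-not $winner) {
            $winner = $entry
        } else {
            $masked += "$scope=$($entry.ExecutionPolicy)"
        }
    }
    [pscustomobject]@{
        WinningScope    = if ($winner) { "$($winner.Scope)" } else { 'None' }
        # All scopes Undefined: the guide gives Restricted as the effective policy.
        EffectivePolicy = if ($winner) { "$($winner.ExecutionPolicy)" } else { 'Restricted' }
        # Lower-precedence settings that take over once the winning scope is cleared.
        MaskedSettings  = $masked
    }
}

# Constructed sample: a restrictive Process scope sitting on top of a
# CurrentUser Bypass and a LocalMachine RemoteSigned setting.
$sample = @(
    [pscustomobject]@{ Scope = 'MachinePolicy'; ExecutionPolicy = 'Undefined' }
    [pscustomobject]@{ Scope = 'UserPolicy';    ExecutionPolicy = 'Undefined' }
    [pscustomobject]@{ Scope = 'Process';       ExecutionPolicy = 'Restricted' }
    [pscustomobject]@{ Scope = 'CurrentUser';   ExecutionPolicy = 'Bypass' }
    [pscustomobject]@{ Scope = 'LocalMachine';  ExecutionPolicy = 'RemoteSigned' }
)
Resolve-EffectivePolicy -PolicyList $sample

# On a live system, pass the real listing instead of the sample:
# Resolve-EffectivePolicy -PolicyList (Get-ExecutionPolicy -List)
```

The `MaskedSettings` column is the part worth reviewing on a real machine: a permissive value hidden behind a stricter Process scope becomes the effective policy as soon as that session ends.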
How to Set PowerShell ExecutionPolicy
As I mentioned in the introduction, you can set ExecutionPolicy with the Set-ExecutionPolicy cmdlet. You can also use the PowerShell.exe -ExecutionPolicy command.
How to Set Execution Policy with Set-ExecutionPolicy
The syntax of the Set-ExecutionPolicy cmdlet is:
Set-ExecutionPolicy -ExecutionPolicy <ExecutionPolicy>
As an example, to set the Execution Policy to RemoteSigned use the command below:
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
Here is the result of the command.
Here is the command executed as administrator:
As you can see from the image, the new Execution Policy is now RemoteSigned.
In the last 2 commands, I was asked to confirm the command. To bypass this prompt, include the -Force parameter.
The command now executes without prompting for confirmation.
By default this command sets execution policy for LocalMachine scope. To confirm this, run the command below:
To set Execution Policy to apply to another scope, use the -Scope parameter.
The command below sets execution policy for CurrentUser:
Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope CurrentUser -Force
As you can see from the result, CurrentUser policy is no longer Undefined. It is now Bypass, the policy set with the last command.
How to Set ExecutionPolicy with PowerShell.exe -ExecutionPolicy
If you want to bypass Execution Policy for the logged in session, you can set Execution Policy for the current command line. This is achieved using the PowerShell.exe command.
Before I give examples, here is the current execution policy:
The current execution policy is Restricted. This is because the Process scope takes precedence. To confirm, see the result below:
If you recollect, Restricted policy will NOT allow scripts to run.
This means that if I try to run a script, I will be denied access. The image below shows a series of commands and their results. See my explanation beneath the image.
The first command shown in the image is:
powershell.exe -file "C:\PS\schedule powershell example\Create-folders-from-text-file.ps1"
I tried to run a PowerShell script. Then I received the error message below:
“File C:\PS\schedule powershell example\Create-folders-from-text-file.ps1 cannot be loaded because running scripts is disabled on this system.”
The reason is that the current execution policy is Restricted. It does not allow any scripts to run.
Back to the reference image. In the next line, I ran the following command:
powershell.exe -file "C:\PS\schedule powershell example\Create-folders-from-text-file.ps1" -ExecutionPolicy Unrestricted
Effectively, I can set a temporary execution policy for the command line using the -ExecutionPolicy parameter of the powershell.exe command. But I received the same error message. The reason is that I need to set the execution policy before I call the script: everything that follows the -file path is passed to the script as its arguments, so -ExecutionPolicy in that position never reaches powershell.exe.
Then in the next line, I executed this command:
powershell.exe -ExecutionPolicy Unrestricted
This sets the execution policy for the current logged in session to Unrestricted. So when I then ran my PowerShell script, it executed successfully! See the reference image above.
To confirm that Powershell.exe only sets policy for the current session, I will run the command below from the current session:
The result is Unrestricted for the CurrentUser scope. If I log off my current session and log back on, it will revert to the policy set by the Set-ExecutionPolicy command.
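The ordering behaviour seen with the two command lines above can be checked mechanically, for example when reviewing scheduled task or shortcut command lines. This is an added example, not the author's code: `Get-CommandLinePolicy` is a hypothetical helper, the second sample is a reordering constructed for illustration, and the handling of `-Command` and of abbreviated parameter names goes beyond what the guide covers.

```powershell
# Added example, not from the original guide. Reports the execution policy a
# powershell.exe command line sets for its own process, if any.
function Get-CommandLinePolicy {
    param([Parameter(Mandatory)] [string] $CommandLine)

    # Split into tokens, keeping double-quoted paths (with spaces) together.
    $tokens = @([regex]::Matches($CommandLine, '"[^"]*"|\S+') |
        ForEach-Object { $_.Value })

    # Token 0 is the executable; scan the host parameters that follow it.
    for ($i = 1; $i -lt $tokens.Count; $i++) {
        if ($tokens[$i] -match '^[-/](?<name>.+)$') {
            $name = $Matches['name'].ToLowerInvariant()
            # powershell.exe accepts shortened parameter names, so match prefixes.
            if ('file'.StartsWith($name) -or 'command'.StartsWith($name)) {
                # Everything after -File/-Command belongs to the script or
                # command, so a later -ExecutionPolicy is only a script argument.
                return [pscustomobject]@{
                    Policy = $null
                    Note   = "no policy given before -$name"
                }
            }
            if (($name.Length -ge 2 -and 'executionpolicy'.StartsWith($name)) -or
                $name -eq 'ep') {
                $value = if ($i + 1 -lt $tokens.Count) { $tokens[$i + 1] } else { $null }
                return [pscustomobject]@{
                    Policy = $value
                    Note   = 'applies to this process only'
                }
            }
        }
    }
    [pscustomobject]@{ Policy = $null; Note = 'not specified' }
}

# Samples: the guide's failing command, a constructed reordering of it with
# the policy placed first, and the guide's bare session command.
$samples = @(
    'powershell.exe -file "C:\PS\schedule powershell example\Create-folders-from-text-file.ps1" -ExecutionPolicy Unrestricted'
    'powershell.exe -ExecutionPolicy Unrestricted -file "C:\PS\schedule powershell example\Create-folders-from-text-file.ps1"'
    'powershell.exe -ExecutionPolicy Unrestricted'
)
$samples | ForEach-Object { Get-CommandLinePolicy -CommandLine $_ }
```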
I hope I have been able to simplify how to get and set PowerShell Execution Policies. If you have any questions or comments, use the "Leave a Reply" form at the end of the page.