- 1 How to Check Your PowerShell Execution Policy
- 2 How to Set PowerShell Execution Policy to RemoteSigned
- 3 How to Set the PowerShell Execution Policy for the Current User via PowerShell
- 4 How to Enable PowerShell Scripts for the Local Machine via Command Line
- 5 How to Set PowerShell Execution Policy for the Current PowerShell Window Only
PowerShell is a powerful tool that many, including myself, don't use to its full potential. That's why most of us rely on PowerShell scripts crafted by others, but this can have its own hurdles. Often, you'll see errors like “PowerShell: running scripts is disabled on this system”. To enable PowerShell scripts in Windows 10, you must first set the execution policy.
This extra step protects you against attackers with malicious scripts, and you should only loosen the policy if you trust the source of the scripts you run. It's possible to modify PowerShell script execution via the Group Policy editor and the registry, but the easiest and most sensible method is via PowerShell itself. As a result, we're only going to focus on how to change the PowerShell execution policy via the command line today.
PowerShell Execution Policies and Scope values explained
PowerShell has five execution policies: AllSigned, Bypass, RemoteSigned, Restricted, and Unrestricted. It also has three “scope” values which determine how far the PowerShell script execution changes will reach. You can read up on all of them in the tables below:
| Policy | Description |
|---|---|
| Default | Sets Windows to the default execution policy – Restricted for regular Windows and RemoteSigned for server installs. |
| Restricted | The default execution policy for Windows 10. You can't run any PowerShell scripts and PowerShell is set to interactive mode so that you can only run individual commands. |
| RemoteSigned | Default for server installs. You can run downloaded PowerShell scripts, but they must be signed by a trusted publisher. Non-downloaded PowerShell scripts don't need a signature. |
| AllSigned | You can only run PowerShell scripts from a trusted publisher, regardless of where they came from. |
| Unrestricted | You can run unsigned scripts, but you'll get a warning before trying to run ones that come from the internet. |
| Bypass | The least strict setting. Run any script with no warnings or prompts. Not recommended for anything other than test machines. |

| Scope | Description |
|---|---|
| Process | Set the execution policy for the current Windows PowerShell instance. |
| CurrentUser | The execution policy is set for the current user only and stored in the HKEY_CURRENT_USER registry key. |
| LocalMachine | Sets the policy for everyone on the machine via an HKEY_LOCAL_MACHINE key. |
Keep these values in mind as you set your execution policy, as choosing the wrong one could have unintended security consequences.
How to Check Your PowerShell Execution Policy
It's a good idea to determine what execution policy your PC already has before you change anything. Checking again after a change also lets you verify that it took effect.
- Open PowerShell
Press “Windows + X” to open the Start context menu and click “Windows PowerShell (Admin)”.
- Enter the PowerShell get execution policy command
In the main PowerShell window, type the following and press enter:
Check the fields for your current user and local machine to determine the current policy.
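As an added example (not from the original article), the following read-only PowerShell snippet lists the policy at every scope with `Get-ExecutionPolicy -List` and marks the scope that decides the effective policy. Besides the three scopes described above, the output also includes the two Group Policy scopes, MachinePolicy and UserPolicy, which take precedence when they are set.

```powershell
# Added example: read-only audit, changes nothing on the system.
# Get-ExecutionPolicy -List returns the scopes in precedence order:
# MachinePolicy, UserPolicy, Process, CurrentUser, LocalMachine.
$scopes = Get-ExecutionPolicy -List

# The first scope that is not Undefined decides the effective policy.
$winner = $scopes |
    Where-Object { $_.ExecutionPolicy -ne 'Undefined' } |
    Select-Object -First 1

$report = foreach ($s in $scopes) {
    [pscustomobject]@{
        Scope     = $s.Scope
        Policy    = $s.ExecutionPolicy
        Effective = ($null -ne $winner -and $s.Scope -eq $winner.Scope)
        # Flag permissive policies that persist beyond the current window.
        Review    = ($s.Scope -ne 'Process' -and
                     [string]$s.ExecutionPolicy -in 'Unrestricted', 'Bypass')
    }
}
$report | Format-Table -AutoSize

"Effective policy for this session: $(Get-ExecutionPolicy)"
if ($null -eq $winner) {
    'Every scope is Undefined, so the Windows default policy applies.'
}
```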
How to Set PowerShell Execution Policy to RemoteSigned
There's a fast, UI-friendly way to enable running PowerShell scripts with the RemoteSigned policy via Windows settings.
- Go to Update & Security settings
Press “Windows + I” to open settings and click on “Update & Security”.
- Set the PowerShell execution policy to RemoteSigned via developer options
On the left sidebar, click “For developers”, then scroll down to the “PowerShell” subheading. Tick “change execution policy to allow local PowerShell scripts to run without signing. Require signing for remote scripts.”
How to Set the PowerShell Execution Policy for the Current User via PowerShell
Alternatively, you can enable PowerShell scripts via a different policy for the current user through the command line.
How to Enable PowerShell Scripts for the Local Machine via Command Line
If you want to apply a policy to the machine as a whole, that's possible via a slight change to the command.
- (Optional) set the current user policy to Undefined
When setting your execution policy for the local machine, Windows will use whatever you have chosen for your current user before the global setting. If this happens, you may get an error with the line “Windows PowerShell updated your execution policy successfully, but the setting is overridden by a policy defined at a more specific scope”.
If you'd like your current user to have the same setting as the local machine as a whole, you can switch it to Undefined or change it separately in the next step. Otherwise, you can ignore the error.
- Use the PowerShell set execution policy command to enable PowerShell scripts in Windows
You can set the execution policy for the current Windows user and the Local machine with two separate commands:
Set-ExecutionPolicy Unrestricted -Scope CurrentUser -Force
Set-ExecutionPolicy Unrestricted -Scope LocalMachine -Force
You can set a different policy for each, based on the table above, or set the current user to “Undefined” to have it follow the Local Machine setting.
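The override behaviour described above can be checked from the same window. This is an added example, not part of the original article: `Set-PolicyChecked` is a hypothetical helper name, and it applies RemoteSigned from the table where the commands above use Unrestricted.

```powershell
# Added example. Set-PolicyChecked is a hypothetical helper, not a built-in cmdlet.
function Set-PolicyChecked {
    param(
        [Parameter(Mandatory)]
        [ValidateSet('Default', 'Restricted', 'AllSigned', 'RemoteSigned',
                     'Unrestricted', 'Bypass', 'Undefined')]
        [string]$Policy,

        [Parameter(Mandatory)]
        [ValidateSet('Process', 'CurrentUser', 'LocalMachine')]
        [string]$Scope
    )

    $overridden = $false
    try {
        Set-ExecutionPolicy -ExecutionPolicy $Policy -Scope $Scope -Force -ErrorAction Stop
    }
    catch {
        # "overridden by a policy defined at a more specific scope":
        # the value was written, but another scope still decides the result.
        if ($_.FullyQualifiedErrorId -notlike 'ExecutionPolicyOverride*') { throw }
        $overridden = $true
    }

    # The first scope that is not Undefined wins.
    $winner = Get-ExecutionPolicy -List |
        Where-Object { $_.ExecutionPolicy -ne 'Undefined' } |
        Select-Object -First 1

    [pscustomobject]@{
        RequestedScope  = $Scope
        RequestedPolicy = $Policy
        Overridden      = $overridden
        EffectivePolicy = Get-ExecutionPolicy
        DecidedBy       = if ($winner) { $winner.Scope } else { 'none (Windows default)' }
    }
}

# Let the current user follow the machine-wide setting, then set and verify it.
# Writing to LocalMachine requires an elevated PowerShell window.
Set-ExecutionPolicy Undefined -Scope CurrentUser -Force
Set-PolicyChecked -Policy RemoteSigned -Scope LocalMachine
```

If `DecidedBy` shows a scope other than the one you set, that scope's policy is the one in force.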
How to Set PowerShell Execution Policy for the Current PowerShell Window Only
For security, it's generally recommended that most users set PowerShell execution policy on a per-script basis.
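An added example, not from the original article, of limiting the change to the current window with the Process scope after inspecting a downloaded script. The script path and the `Get-ScriptTrustInfo` helper name are hypothetical.

```powershell
# Added example. Get-ScriptTrustInfo is a hypothetical helper, not a built-in cmdlet.
function Get-ScriptTrustInfo {
    param([Parameter(Mandatory)][string]$Path)

    # Windows marks downloaded files with a Zone.Identifier alternate data stream.
    # ZoneId 3 (Internet) or 4 (Restricted sites) makes RemoteSigned treat the file as remote.
    $zoneId = $null
    $stream = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    if (($stream -join "`n") -match 'ZoneId=(\d+)') { $zoneId = [int]$Matches[1] }
    $remote = ($null -ne $zoneId -and $zoneId -ge 3)

    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    [pscustomobject]@{
        Path                  = $Path
        ZoneId                = $zoneId
        Downloaded            = $remote
        SignatureStatus       = $sig.Status
        Signer                = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        # RemoteSigned refuses downloaded scripts that lack a valid signature.
        BlockedByRemoteSigned = ($remote -and $sig.Status -ne 'Valid')
    }
}

$script = Join-Path $env:USERPROFILE 'Downloads\example-script.ps1'  # placeholder path
$info = Get-ScriptTrustInfo -Path $script
$info | Format-List

# Process scope: applies to this window only and is discarded when it closes.
# It is held in an environment variable, not in the registry.
Set-ExecutionPolicy RemoteSigned -Scope Process -Force
"PSExecutionPolicyPreference = $env:PSExecutionPolicyPreference"

if ($info.BlockedByRemoteSigned) {
    Write-Warning 'Downloaded and not validly signed: read the script first, then Unblock-File it only if you trust it.'
}
else {
    & $script
}
```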