How to Set PowerShell Script Execution Policy in Windows 10

PowerShell is a powerful tool that many, including myself, don’t use to its full potential. That’s why most of us rely on PowerShell scripts crafted by others, but this can have its own hurdles. Often, you’ll see errors like “PowerShell: running scripts is disabled on this system”. To Enable PowerShell scripts in Windows 10, you must first set the execution policy.

This extra step is to protect you against attackers with malicious scripts, and should only be switched if you trust its source. It’s possible to modify PowerShell script execution via the Group Policy editor and registry, but the easiest and most sensical method is via PowerShell itself. As a result, we’re only going to focus on how to change PowerShell execution policy via the command line today.

PowerShell Execution Policies and Scope values explained

PowerShell has five execution policies; AllSigned, Bypass, RemoteSigned, Restricted, and Unrestricted. It also has three “scope” values which determine how far the PowerShell script execution changes will reach. You can read up on all of them in the tables below:

Execution Policy Description
Default Sets Windows to the default execution policy – Restricted for regular Windows and RemoteSigned for server installs.
Restricted The default execution policy for Windows 10. You can’t run any PowerShell scripts and PowerShell is set to interactive mode so that you can only run individual commands.
RemoteSigned Default for server installs. You can run downloaded PowerShell scripts, but they must be signed by a trusted publisher. Non-downloaded PowerShell scripts don’t need a signature.
AllSigned You can only run PowerShell scripts from a trusted publisher, regardless of where they came from.
Unrestricted You can run unsigned scripts, but you’ll get a warning before trying to run ones that come from the internet.
Bypass The least strict setting. Run any script with no warnings or prompts. Not recommended for anything other than test machines.

 

Scope Description
Process Set the execution policy for the current Windows PowerShell instance.
CurrentUser The execution policy is set for the current user only and stored in the HKEY_CURRENT_USER registry key.
LocalMachine  
AllSigned Sets the policy for everyone on the machine via a HKEY_LOCAL_MACHINE key.

Keep these values in mind as you set your execution policy, as choosing the wrong one could have unintended security consequences.

How to Check Your PowerShell Execution Policy

It’s a good idea to determine what execution policy your PC already has before you change anything. This can also help after you change for verification purposes.

  1. Open PowerShell


    Press “Windows +X” to open the Start context menu and click “Windows PowerShell (Admin)”.

    Windows 10 - Start - PowerShell as admin

  2. Enter the PowerShell get execution policy command


    In the main PowerShell window, type the following and press enter:

    Get-ExecutionPolicy -List

    Check the fields for your current user and local machine to determine the current policy.

    Windows 10 - PowerShell - Get-ExecutionPolicy -List

How to Set PowerShell Execution Policy to RemoteSigned

There’s a fast, UI-friendly way to enable running PowerShell scripts with the RemoteSigned policy via Windows settings.

  1. Go to Update & Security settings


    Press “Windows + I” to open settings and click on “Update & Security”.

    Windows 10 - Settings

  2. Set the PowerShell execution policy to RemoteSigned via developer options


    On the left sidebar, click “For developers”, then scroll down to the “PowerShell” subheading. Tick “change execution policy to allow local PowerShell scripts to run without signing. Require signing for remote scripts.”

    Windows 10 - Settings - Update and Security - PowerShell execution Policy

How to Set the PowerShell Execution Policy for the Current User via PowerShell

Alternatively, you can enable PowerShell scripts via a different policy for the current user through the command-line.

  1. Type the following command:


    Set-ExecutionPolicy Bypass -Scope CurrentUser -Force

    Change “Bypass” for whichever policy type you want to use to enable PowerShell scripts, referring to the table above.

    Windows 10 - PowerShell - Set Execution Policy for Current User

How to Enable PowerShell Scripts for the Local Machine via Command Line

If you want to apply a policy to the machine as a whole that’s possible via a slight change to the command.

  1. (Optional) set the current user policy to Undefined


    When setting your execution policy for the local machine, Windows will use whatever you have chosen for your current user before the global setting. If this happens, you may get an error with the line “Windows PowerShell updated your execution policy successfully, but the setting is overridden by a policy defined at a more specific scope”.

    If you’d like to your current user to have the same setting as the local machine as a whole, you can switch it to Undefined or change it separately in the next step. Otherwise, you can ignore the error.

    Windows 10 - PowerShell - Execution Policy override warning

  2. Use the PowerShell set execution policy command to enable PowerShell scripts in Windows


    You can set the execution policy for the current Windows user and the Local machine with two separate commands:

    Set-ExecutionPolicy Unrestricted -Scope CurrentUser -Force
    Set-ExecutionPolicy Unrestricted -Scope LocalMachine -Force


    You can set a different policy for each, based on the table above, or set the current user to “Undefined” to have it follow the Local Machine setting.

    Windows 10 - PowerShell -Deactivate execution Policy override warning

How to Set PowerShell Execution Policy for the Current PowerShell Window Only

For security, it’s generally recommended that most users set PowerShell execution policy on a per-script basis.

  1. Enable PowerShell script execution for the current instance


    In your PowerShell window, type and enter:

    Set-ExecutionPolicy Bypass -Scope Process -Force

    Only do this if you trust the script. You can then run the script as you normally would.

    Windows 10 - PowerShell - Set Execution Policy for Process