How to Set PowerShell Execution Policy: Full Guide
In this tutorial, we’ll learn about the PowerShell Execution Policy, which controls how scripts are run and executed on your computer.
Before we go any further, if you just want to run scripts without diving into the details of the execution policy, you can run the following command to allow your current user to run any script.
Set-ExecutionPolicy Bypass CurrentUserIf you want all users on your computer to run scripts, use the following command:
Set-ExecutionPolicy Bypass LocalMachineYou can view the current execution policy by running the following command:
Get-ExecutionPolicyWhat is PowerShell Execution Policy?
The PowerShell execution policy determines whether you can run PowerShell scripts.
If the execution policy is set to Restricted, you won’t be able to run scripts, and you’ll get an error like running scripts is disabled on this system.
If you want to run scripts, you need to change the execution policy to one that allows script execution. The table below shows the list of execution policies you can set with the Set-ExecutionPolicy command.
Restricted | You cannot run any PowerShell scripts. |
AllSigned | You can run scripts signed by a trusted publisher. |
RemoteSigned | You can run scripts you create locally, but scripts downloaded from the internet must be signed by a trusted publisher. |
Unrestricted | All scripts are allowed to run, but a warning will appear when running downloaded scripts. |
Bypass | Allows all scripts to run without any restrictions or warnings. |
Examples
Set the PowerShell execution policy to Bypass for the current user:
Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope CurrentUserSet the execution policy to RemoteSigned for the current user:
Set-ExecutionPolicy RemoteSigned CurrentUserNote that you can omit parameter names as long as you specify the parameters in order (policy followed by scope).
Get-ExecutionPolicy is the command used to check the execution policy in PowerShell.
Understanding Execution Policy Scopes
The scope allows the execution policy to be applied at different levels. By default, if you don't specify a scope, the policy applies to the LocalMachine scope, meaning it will affect all users on the computer.
Here is the list of scopes:
MachinePolicy- Used in Active Directory domain environments to apply policies to all users on a computer through Group Policy.UserPolicy- Used in Active Directory domain environments to apply policies to the current user on a computer through Group Policy.Process- This scope applies the execution policy temporarily to the current PowerShell window.CurrentUser- The execution policy applies only to the current user.LocalMachine- The execution policy applies to all users on the computer.
You can set the Process and CurrentUser scopes without administrative privileges, while the LocalMachine scope requires administrative privileges.
Scopes Have Priorities
The most important thing to know about scopes is that they have priorities, as listed by the Get-ExecutionPolicy -List command.
The MachinePolicy scope has the highest priority, while the LocalMachine scope has the lowest priority.
A scope with higher priority can override the policy of a scope with lower priority. For example, if the LocalMachine policy is Restricted and the CurrentUser policy is Bypass, the user will be able to run scripts because the CurrentUser scope has a higher priority than the LocalMachine scope.
Examples
Set the PowerShell execution policy to RemoteSigned for all users on the computer.
Set-ExecutionPolicy RemoteSigned LocalMachineSet the current user's execution policy to Unrestricted:
Set-ExecutionPolicy Unrestricted CurrentUserSet the execution policy to Bypass for the current PowerShell session:
Set-ExecutionPolicy Bypass ProcessRun the following command to view the execution policy for each scope:
Get-ExecutionPolicy -ListNote that you can unset the execution policy for a scope by setting it to Undefined. For example, the following command removes the execution policy from the CurrentUser scope:
Set-ExecutionPolicy Undefined CurrentUserRemember, the execution policy is a security feature that helps prevent malicious scripts from running on your computer. It’s a good idea at least to use AllSigned or RemoteSigned for better security. Choose your execution policy carefully.