How To Enable Script Execution In Windows PowerShell

PowerShell ScriptPowerShell Script

Windows PowerShell is a powerful tool that can be used by system administrators and power users to perform administrative tasks, including task automation, managing user accounts and groups, etc. Despite this, PowerShell does not allow you to run scripts by default.

Instead, Microsoft pre-installed PowerShell Integrated Scripting Environment (ISE) in Windows 10 and 11, specifically used to run scripts. But what if you need to run scripts and cmdlets simultaneously in PowerShell?

If you try running a script in PowerShell, you will see the following error message:

error
A script cannot execute with default PowerShell policies

In that case, you need to explicitly allow PowerShell to run scripts. Not only that, but you can also define the policies used to execute the script, as well as its scope.

Let us now dig into the details of the execution policy and its scope, and then show you how to enable script execution in Windows PowerShell.

What is a script?

A script is a piece of code, in any programming language, which performs a specific function or a task. A script can be as short as a single expression, or as long as running a complex algorithm.

Scripts can be run directly in a scripting environment – an application designed for coding – or saved in a file, such as a batch file.

In the case of PowerShell scripts, we run the code directly inside the PowerShell window or run a PowerShell file with the extension “.PS1” which contains the script.

Before we discuss how to allow script execution in PowerShell, here is some information we think you ought to know beforehand.

What is the Set-ExecutionPolicy command?

An execution policy, as the name implies, is the policy the program adopts to run something. In this case, PowerShell’s execution policy would determine which scripts to trust, and which could be malicious.

The “Set-ExecutionPolicy” is a PowerShell cmdlet that lets to change, set, and manage the execution policy by your instance of PowerShell. Depending on the execution policy that you set and the configurations you make (using the parameters and switches), PowerShell will permit or allow scripts to run on your computer.

The execution policies are in place to keep your systems secure. This way, malicious and unwanted scripts could be prevented from running on your PC without your knowledge, protecting your system from outside threats and cyberattacks.

PowerShell execution policies and scopes

As we mentioned earlier, you can optionally choose from the different script execution policies that can be configured for PowerShell. Each of these policies is designed to distinguish between the different types of scripts, and which to allow and which to block. The table below lists the policies you can choose from and what each of them allows.

Execution PolicyDescription
DefaultSets Windows to the default execution policy (Restricted for Windows and RemoteSigned for Servers).
RestrictedThis is the default execution policy for Windows 10 and 11. You can’t run any PowerShell scripts and PowerShell is set to interactive mode so that you can only run individual commands.
RemoteSignedThis is the default execution policy for Windows Servers. You can run downloaded PowerShell scripts, but they must be signed by a trusted publisher. Self-written (non-downloaded) PowerShell scripts can run without a signature.
AllSignedYou can only run PowerShell scripts from a trusted publisher, regardless of where they come from.
UnrestrictedYou can run unsigned scripts, but you’ll get a warning before trying to run ones that come from the internet.
BypassThis is the least strict setting. Run any script with no warnings or prompts. Not recommended for anything other than test machines.
UndefinedNo policy has been implemented, which automatically applies to the Restricted policy.
PowerShell script execution policies and what they mean

Furthermore, each of these policies can be defined for a different scope. By scope, we mean where the policy will be applied. The table below lists the different scopes.

ScopeDescription
ProcessSet the execution policy for the current Windows PowerShell instance. This will discontinue once PowerShell is closed.
CurrentUserThe execution policy is set for the current user only and stored in the HKEY_CURRENT_USER registry key.
LocalMachineSets the policy for everyone on the machine via a HKEY_LOCAL_MACHINE key.
MachinePolicyConfigured using Group Policy for all user accounts on the computer.
UserPolicyConfigured using Group Policy for the current user account.
PowerShell script execution scopes

You can use these execution policies and scopes to manage how to execute scripts in Windows PowerShell.

How to allow scripts to run in PowerShell

You can now use a combination of execution policies and scopes to configure how you want to run your scripts. Each of the sections below gives a different example of how to set a policy.

Set script execution policy to RemoteSigned

Users usually prefer setting the script execution policy for Windows PowerShell to RemoteSigned, as it keeps their system safe by preventing unauthorized scripts from running. There are 2 ways in Windows to configure this policy.

Set PowerShell script execution policy from Settings

The Settings app in Windows allows you to manage how, whether you wish to allow scripts to run in PowerShell or not. Here’s how to enable it:

  1. Press the Windows Key + i shortcut keys to open the Settings app.

  2. Navigate to the following depending on your OS version:

    • Windows 11: Settings app >> Privacy & security >> For developers
    • Windows 10: Settings app >> Update & security >> For developers
  3. scroll down and check the box next to “Change execution policy to allow local PowerShell scripts to run without signing. Require signing for remote scripts“, and then click Apply.

    Change PowerShell execution policy to RemoteSigned from Settings
    Change PowerShell execution policy to RemoteSigned from Settings

Note that this will only allow scripts from trusted online and local sources in the “CurrentUser” scope.

Set PowerShell script execution policy using PowerShell

If you’d prefer only the Command Line Interface (CLI), here is how to configure the RemoteSigned Execution Policy directly from PowerShell:

  1. Launch an elevated PowerShell instance.

  2. Run the following command:

    Set-ExecutionPolicy RemoteSigned
    set remote
    Set execution policy to RemoteSigned using PowerShell
  3. Now enter A to confirm.

    A remote
    Confirm action

The command above will set the RemoteSigned execution policy for all users on the computer (scope: LocalMachine). If you want to change the scope of the policy, use the -Scope parameter followed by the scope name. Here is an example:

Set-ExecutionPolicy RemoteSigned -Scope CurrentUser

You will then need to confirm this change as well.

scope a remote
Script execution policy changed to RemoteSigned for CurrentUser only

Change script execution policy for specific scope

You can now use this method to configure any one of the above-discussed policies to any scope using the cmdlet below. Simply replace [NewPolicy] with the Execution Policy you want to set and [NewScope] with the Scope where you want to define it.

Set-ExecutionPolicy [NewPolicy] -Scope [NewScope]

Set script execution policy to default

If you no longer wish to allow scripts to run in PowerShell, you can always change their value to default, which is Undefined or Restricted. However, if a policy has been applied to a specific scope, then you need to update the policy for that particular scope again.

In the command below, we are going to restore the script execution policy for the LocalMachine scope to its default setting:

Set-ExecutionPolicy Undefined -Scope LocalMachine
undefined
Script execution policy reverted to default for LocalMachine

You can now run the script again with a different scope to change all scopes to their default (restricted) policy.

How to check PowerShell execution policy

To check your current script execution policy in PowerShell, run the following command in PowerShell:

Get-ExecutionPolicy -List
get policy
Get current execution policy settings

You can then use this information to change your script execution policy using the guide given above.

Frequently Asked Questions (FAQs)

How do we allow PowerShell script only this once?

You can use the Process scope to restrict the execution policy to one-time only. The execution policy will then revert once the PowerShell window is closed. Here is an example code to set the execution policy to RemoteSigned for this instance of PowerShell only:
Set-ExecutionPolicy RemoteSigned -Scope Process -Force

How do we revert all script execution policies to default?

If you have defined the execution policies scope-wise, then you must revert them scope-wise as well. However, in case you did not define a scope ( where the policy is automatically configured for LocalMachine), use the following cmdlet to change it back to default:
Set-ExecutionPolicy Undefined

How do we allow PowerShell scripts for current user account only?

You can define a script execution policy on your current account only by defining the scope to “CurrentUser.” Here is an example:
Set-ExecutionPolicy RemoteSigned -Scope CurrentUser
This will prevent all other users from running a script in Windows PowerShell.

If you liked this post, Share it on:

Get Updates in Your Inbox

Sign up for the regular updates and be the first to know about the latest tech information

Subhan Zafar is an established IT professional with interests in Windows and Server infrastructure testing and research, and is currently working with Itechtics as a research consultant. He has studied Electrical Engineering and is also certified by Huawei (HCNA & HCNP Routing and Switching).

Leave the first comment