How To Enable Script Execution In Windows PowerShell

Windows PowerShell is a powerful tool that can be used by system administrators and power users to perform administrative tasks, including task automation, managing user accounts and groups, etc. Despite this, PowerShell does not allow you to run scripts by default.

Instead, Microsoft pre-installed PowerShell Integrated Scripting Environment (ISE) in Windows 10 and 11, specifically used to run scripts. But what if you need to run scripts and cmdlets simultaneously in PowerShell?

If you try running a script in PowerShell, you will see the following error message:

In that case, you need to explicitly allow PowerShell to run scripts. Not only that, but you can also define the policies used to execute the script, as well as its scope.

Let us now dig into the details of the execution policy and its scope, and then show you how to enable script execution in Windows PowerShell.

What is a script?

A script is a piece of code, in any programming language, which performs a specific function or a task. A script can be as short as a single expression, or as long as running a complex algorithm.

Scripts can be run directly in a scripting environment – an application designed for coding – or saved in a file, such as a batch file.

In the case of PowerShell scripts, we run the code directly inside the PowerShell window or run a PowerShell file with the extension “.PS1” which contains the script.

Before we discuss how to allow script execution in PowerShell, here is some information we think you ought to know beforehand.

What is the Set-ExecutionPolicy command?

An execution policy, as the name implies, is the policy the program adopts to run something. In this case, PowerShell’s execution policy would determine which scripts to trust, and which could be malicious.

The “Set-ExecutionPolicy” is a PowerShell cmdlet that lets to change, set, and manage the execution policy by your instance of PowerShell. Depending on the execution policy that you set and the configurations you make (using the parameters and switches), PowerShell will permit or allow scripts to run on your computer.

The execution policies are in place to keep your systems secure. This way, malicious and unwanted scripts could be prevented from running on your PC without your knowledge, protecting your system from outside threats and cyberattacks.

PowerShell execution policies and scopes

As we mentioned earlier, you can optionally choose from the different script execution policies that can be configured for PowerShell. Each of these policies is designed to distinguish between the different types of scripts, and which to allow and which to block. The table below lists the policies you can choose from and what each of them allows.

Execution Policy	Description
Default	Sets Windows to the default execution policy (Restricted for Windows and RemoteSigned for Servers).
Restricted	This is the default execution policy for Windows 10 and 11. You can’t run any PowerShell scripts and PowerShell is set to interactive mode so that you can only run individual commands.
RemoteSigned	This is the default execution policy for Windows Servers. You can run downloaded PowerShell scripts, but they must be signed by a trusted publisher. Self-written (non-downloaded) PowerShell scripts can run without a signature.
AllSigned	You can only run PowerShell scripts from a trusted publisher, regardless of where they come from.
Unrestricted	You can run unsigned scripts, but you’ll get a warning before trying to run ones that come from the internet.
Bypass	This is the least strict setting. Run any script with no warnings or prompts. Not recommended for anything other than test machines.
Undefined	No policy has been implemented, which automatically applies to the Restricted policy.

Furthermore, each of these policies can be defined for a different scope. By scope, we mean where the policy will be applied. The table below lists the different scopes.

Scope	Description
Process	Set the execution policy for the current Windows PowerShell instance. This will discontinue once PowerShell is closed.
CurrentUser	The execution policy is set for the current user only and stored in the HKEY_CURRENT_USER registry key.
LocalMachine	Sets the policy for everyone on the machine via a HKEY_LOCAL_MACHINE key.
MachinePolicy	Configured using Group Policy for all user accounts on the computer.
UserPolicy	Configured using Group Policy for the current user account.

You can use these execution policies and scopes to manage how to execute scripts in Windows PowerShell.

How to allow scripts to run in PowerShell

You can now use a combination of execution policies and scopes to configure how you want to run your scripts. Each of the sections below gives a different example of how to set a policy.

Set script execution policy to RemoteSigned

Users usually prefer setting the script execution policy for Windows PowerShell to RemoteSigned, as it keeps their system safe by preventing unauthorized scripts from running. There are 2 ways in Windows to configure this policy.

Set PowerShell script execution policy from Settings

The Settings app in Windows allows you to manage how, whether you wish to allow scripts to run in PowerShell or not. Here’s how to enable it:

1. Press the Windows Key + i shortcut keys to open the Settings app.

2. Navigate to the following depending on your OS version:

   • Windows 11: Settings app >> Privacy & security >> For developers
   • Windows 10: Settings app >> Update & security >> For developers

3. scroll down and check the box next to “Change execution policy to allow local PowerShell scripts to run without signing. Require signing for remote scripts“, and then click Apply.

   

Note that this will only allow scripts from trusted online and local sources in the “CurrentUser” scope.

Set PowerShell script execution policy using PowerShell

If you’d prefer only the Command Line Interface (CLI), here is how to configure the RemoteSigned Execution Policy directly from PowerShell:

1. Launch an elevated PowerShell instance.

2. Run the following command:

   Set-ExecutionPolicy RemoteSigned

   

3. Now enter A to confirm.

   

The command above will set the RemoteSigned execution policy for all users on the computer (scope: LocalMachine). If you want to change the scope of the policy, use the -Scope parameter followed by the scope name. Here is an example:

Set-ExecutionPolicy RemoteSigned -Scope CurrentUser

You will then need to confirm this change as well.

Change script execution policy for specific scope

You can now use this method to configure any one of the above-discussed policies to any scope using the cmdlet below. Simply replace [NewPolicy] with the Execution Policy you want to set and [NewScope] with the Scope where you want to define it.

Set-ExecutionPolicy [NewPolicy] -Scope [NewScope]

Set script execution policy to default

If you no longer wish to allow scripts to run in PowerShell, you can always change their value to default, which is Undefined or Restricted. However, if a policy has been applied to a specific scope, then you need to update the policy for that particular scope again.

In the command below, we are going to restore the script execution policy for the LocalMachine scope to its default setting:

Set-ExecutionPolicy Undefined -Scope LocalMachine

You can now run the script again with a different scope to change all scopes to their default (restricted) policy.

How to check PowerShell execution policy

To check your current script execution policy in PowerShell, run the following command in PowerShell:

Get-ExecutionPolicy -List

You can then use this information to change your script execution policy using the guide given above.

Frequently Asked Questions (FAQs)