How to Enable Script Execution in Windows PowerShell

.

Reading Time: 6 min.

Windows PowerShell is a powerful tool that can be used by system administrators and power users to perform administrative tasks, including task automation, managing user accounts and groups, etc. Despite this, PowerShell does not allow you to run scripts by default. Instead, Microsoft…

PowerShell ScriptPowerShell Script

Windows PowerShell is a powerful tool that can be used by system administrators and power users to perform administrative tasks, including task automation, managing user accounts and groups, etc. Despite this, PowerShell does not allow you to run scripts by default.

Instead, Microsoft pre-installed PowerShell Integrated Scripting Environment (ISE) in Windows 10 and 11, specifically used to run scripts. But what if you need to run scripts and cmdlets simultaneously in PowerShell?

If you try running a script in PowerShell, you will get see the following error message:

error
Script cannot execute with default policies

In that case, you need to explicitly allow PowerShell to run scripts. Not only that, but you can also define policies used to execute the script, as well as its scope.

Let us now dig into the details of the execution policy and its scope, and then show you how to enable script execution in Windows PowerShell.

What is a Script?

A script is a piece of code, in any programming language, which performs a specific function or a task. A script can be as short as a single expression, or as long as running a complex algorithm.

Scripts can be run directly in a scripting environment – an application designed for coding – or saved in a file, such as a batch file.

In the case of PowerShell scripts, we run the code directly inside the PowerShell window or run a PowerShell file with the extension “.PS1” which contains the script.

Before we discuss how to allow script execution in PowerShell, here is some information we think you ought to know beforehand.

PowerShell Execution Policies and Scopes

As we mentioned earlier, you can optionally choose from the different script execution policies that can be configured for PowerShell. Each of these policies is designed to distinguish between the different types of scripts, and which to allow and which to block. The table below lists the policies you can choose from and what each of them allows.

Execution PolicyDescription
DefaultSets Windows to the default execution policy (Restricted for Windows and RemoteSigned for Servers).
RestrictedThis is the default execution policy for Windows 10 and 11. You can’t run any PowerShell scripts and PowerShell is set to interactive mode so that you can only run individual commands.
RemoteSignedThis is the default execution policy for Windows Servers. You can run downloaded PowerShell scripts, but they must be signed by a trusted publisher. Self-written (non-downloaded) PowerShell scripts can run without a signature.
AllSignedYou can only run PowerShell scripts from a trusted publisher, regardless of where they come from.
UnrestrictedYou can run unsigned scripts, but you’ll get a warning before trying to run ones that come from the internet.
BypassThis is the least strict setting. Run any script with no warnings or prompts. Not recommended for anything other than test machines.
UndefinedNo policy has been implemented, which automatically applies to the Restricted policy.
PowerShell script execution policies

Furthermore, each of these policies can be defined for a different scope. By scope, we mean where the policy will be applied. The table below lists the different scopes.

ScopeDescription
ProcessSet the execution policy for the current Windows PowerShell instance. This will discontinue once PowerShell is closed.
CurrentUserThe execution policy is set for the current user only and stored in the HKEY_CURRENT_USER registry key.
LocalMachineSets the policy for everyone on the machine via a HKEY_LOCAL_MACHINE key.
MachinePolicyConfigured using Group Policy for all user accounts on the computer.
UserPolicyConfigured using Group Policy for the current user account.
PowerShell script execution scopes

You can use these execution policies and scopes to manage how to execute scripts in Windows PowerShell.

How to Allow Scripts to Run in PowerShell

You can now use a combination of execution policies and scopes to configure how you want to run your scripts. Each of the sections below gives a different example of how to set a policy.

Set Script Execution Policy to RemoteSigned

Users usually prefer setting the script execution policy for Windows PowerShell to RemoteSigned, as it keeps their system safe by preventing unauthorized scripts from running. There are 2 ways in Windows to configure this policy.

Through Settings App

The Settings app in Windows allows you to manage how, whether you wish to allow scripts to run in PowerShell or not. Here’s how to enable it:

  1. Navigate to the following:
    1. Windows 11: Settings app >> Privacy & security >> For developers
    2. Windows 10: Settings app >> Update & security >> For developers
  2. Now scroll down to the bottom of the page and check the box next to “Change execution policy to allow local PowerShell scripts to run without signing. Require signing for remote scripts” under the PowerShell section. Then click Apply.
    settings app

Note that this will only allow scripts from trusted online and local sources in the “CurrentUser” scope.

From PowerShell

If you’d prefer only the Command Line Interface (CLI), here is how to configure the RemoteSigned Execution Policy directly from PowerShell:

  1. Launch PowerShell with administrative rights.
  2. Now paste the following command and hit Enter.
    Set-ExecutionPolicy RemoteSigned
    set remote
  3. Now enter A to confirm.
    A remote

The command above will set the RemoteSigned execution policy for all users on the computer (scope: LocalMachine). If you want to change the scope of the policy, use the -Scope parameter followed by the scope name. Here is an example:

Set-ExecutionPolicy RemoteSigned -Scope CurrentUser

You will then need to confirm this change as well.

scope a remote
Script execution policy changed to RemoteSigned for CurrentUser only

How to Change Script Execution Policy for Specific Scope

You can now use this method to configure any one of the above-discussed policies to any scope using the cmdlet below. Simply replace NewPolicy with the Execution Policy and NewScope with the Scope where you want to define it.

Set-ExecutionPolicy NewPolicy -Scope NewScope

Set Script Execution Policy to Default

If you no longer wish to allow scripts to run in PowerShell, you can always change their value to default, which is Undefined or Restricted. However, if a policy has been applied to a specific scope, then you need to update the policy for that particular scope again.

In the command below, we are going to restore the script execution policy for the LocalMachine scope to its default setting:

Set-ExecutionPolicy Undefined -Scope LocalMachine
undefined
Script execution policy reverted to default for LocalMachine

You can now run the script again with a different scope to change all scopes to their default (restricted) policy.

How to Check PowerShell Execution Policy

To check your current script execution policy in PowerShell, run the following command in PowerShell:

Get-ExecutionPolicy -List
get policy
Get current execution policy settings

You can then use this information to change your script execution policy using the guide given above.

Frequently Asked Questions (FAQs)

How do we allow PowerShell script only this once?

You can use the Process scope to restrict the execution policy to one-time only. The execution policy will then revert once the PowerShell window is closed. Here is an example code to set the execution policy to RemoteSigned for this instance of PowerShell only:
Set-ExecutionPolicy RemoteSigned -Scope Process -Force

How do we revert all script execution policies to default?

If you have defined the execution policies scope-wise, then you must revert them scope-wise as well. However, in case you did not define a scope ( where the policy is automatically configured for LocalMachine), use the following cmdlet to change it back to default:
Set-ExecutionPolicy Undefined

How do we allow PowerShell scripts for current user account only?

You can define a script execution policy on your current account only by defining the scope to “CurrentUser.” Here is an example:
Set-ExecutionPolicy RemoteSigned -Scope CurrentUser
This will prevent all other users from running a script in Windows PowerShell.

Read Next:

CommentsComments

Leave a Reply

Related topics: