Windows PowerShell is a powerful tool that can be used by system administrators and power users to perform administrative tasks, including task automation, managing user accounts and groups, etc. Despite this, PowerShell does not allow you to run scripts by default.
Instead, Microsoft pre-installed PowerShell Integrated Scripting Environment (ISE) in Windows 10 and 11, specifically used to run scripts. But what if you need to run scripts and cmdlets simultaneously in PowerShell?
If you try running a script in PowerShell, you will see the following error message:
In that case, you need to explicitly allow PowerShell to run scripts. Not only that, but you can also define the policies used to execute the script, as well as its scope.
Let us now dig into the details of the execution policy and its scope, and then show you how to enable script execution in Windows PowerShell.
This page covers
What is a script?
A script is a piece of code, in any programming language, which performs a specific function or a task. A script can be as short as a single expression, or as long as running a complex algorithm.
Scripts can be run directly in a scripting environment – an application designed for coding – or saved in a file, such as a batch file.
In the case of PowerShell scripts, we run the code directly inside the PowerShell window or run a PowerShell file with the extension “.PS1” which contains the script.
Before we discuss how to allow script execution in PowerShell, here is some information we think you ought to know beforehand.
What is the Set-ExecutionPolicy command?
An execution policy, as the name implies, is the policy the program adopts to run something. In this case, PowerShell’s execution policy would determine which scripts to trust, and which could be malicious.
The “Set-ExecutionPolicy” is a PowerShell cmdlet that lets to change, set, and manage the execution policy by your instance of PowerShell. Depending on the execution policy that you set and the configurations you make (using the parameters and switches), PowerShell will permit or allow scripts to run on your computer.
The execution policies are in place to keep your systems secure. This way, malicious and unwanted scripts could be prevented from running on your PC without your knowledge, protecting your system from outside threats and cyberattacks.
PowerShell execution policies and scopes
As we mentioned earlier, you can optionally choose from the different script execution policies that can be configured for PowerShell. Each of these policies is designed to distinguish between the different types of scripts, and which to allow and which to block. The table below lists the policies you can choose from and what each of them allows.
|Default||Sets Windows to the default execution policy (Restricted for Windows and RemoteSigned for Servers).|
|Restricted||This is the default execution policy for Windows 10 and 11. You can’t run any PowerShell scripts and PowerShell is set to interactive mode so that you can only run individual commands.|
|RemoteSigned||This is the default execution policy for Windows Servers. You can run downloaded PowerShell scripts, but they must be signed by a trusted publisher. Self-written (non-downloaded) PowerShell scripts can run without a signature.|
|AllSigned||You can only run PowerShell scripts from a trusted publisher, regardless of where they come from.|
|Unrestricted||You can run unsigned scripts, but you’ll get a warning before trying to run ones that come from the internet.|
|Bypass||This is the least strict setting. Run any script with no warnings or prompts. Not recommended for anything other than test machines.|
|Undefined||No policy has been implemented, which automatically applies to the Restricted policy.|
Furthermore, each of these policies can be defined for a different scope. By scope, we mean where the policy will be applied. The table below lists the different scopes.
|Process||Set the execution policy for the current Windows PowerShell instance. This will discontinue once PowerShell is closed.|
|CurrentUser||The execution policy is set for the current user only and stored in the HKEY_CURRENT_USER registry key.|
|LocalMachine||Sets the policy for everyone on the machine via a HKEY_LOCAL_MACHINE key.|
|MachinePolicy||Configured using Group Policy for all user accounts on the computer.|
|UserPolicy||Configured using Group Policy for the current user account.|
You can use these execution policies and scopes to manage how to execute scripts in Windows PowerShell.
How to allow scripts to run in PowerShell
You can now use a combination of execution policies and scopes to configure how you want to run your scripts. Each of the sections below gives a different example of how to set a policy.
Set script execution policy to RemoteSigned
Users usually prefer setting the script execution policy for Windows PowerShell to RemoteSigned, as it keeps their system safe by preventing unauthorized scripts from running. There are 2 ways in Windows to configure this policy.
Set PowerShell script execution policy from Settings
The Settings app in Windows allows you to manage how, whether you wish to allow scripts to run in PowerShell or not. Here’s how to enable it:
Press the Windows Key + i shortcut keys to open the Settings app.
Navigate to the following depending on your OS version:
- Windows 11:
Settings app >> Privacy & security >> For developers
- Windows 10:
Settings app >> Update & security >> For developers
- Windows 11:
scroll down and check the box next to “Change execution policy to allow local PowerShell scripts to run without signing. Require signing for remote scripts“, and then click Apply.
Note that this will only allow scripts from trusted online and local sources in the “CurrentUser” scope.
Set PowerShell script execution policy using PowerShell
If you’d prefer only the Command Line Interface (CLI), here is how to configure the RemoteSigned Execution Policy directly from PowerShell:
Launch an elevated PowerShell instance.
Run the following command:
Now enter A to confirm.
The command above will set the RemoteSigned execution policy for all users on the computer (scope: LocalMachine). If you want to change the scope of the policy, use the
-Scope parameter followed by the scope name. Here is an example:
Set-ExecutionPolicy RemoteSigned -Scope CurrentUser
You will then need to confirm this change as well.
Change script execution policy for specific scope
You can now use this method to configure any one of the above-discussed policies to any scope using the cmdlet below. Simply replace [NewPolicy] with the Execution Policy you want to set and [NewScope] with the Scope where you want to define it.
Set-ExecutionPolicy [NewPolicy] -Scope [NewScope]
Set script execution policy to default
If you no longer wish to allow scripts to run in PowerShell, you can always change their value to default, which is Undefined or Restricted. However, if a policy has been applied to a specific scope, then you need to update the policy for that particular scope again.
In the command below, we are going to restore the script execution policy for the LocalMachine scope to its default setting:
Set-ExecutionPolicy Undefined -Scope LocalMachine
You can now run the script again with a different scope to change all scopes to their default (restricted) policy.
How to check PowerShell execution policy
To check your current script execution policy in PowerShell, run the following command in PowerShell:
You can then use this information to change your script execution policy using the guide given above.
Frequently Asked Questions (FAQs)
How do we allow PowerShell script only this once?
You can use the Process scope to restrict the execution policy to one-time only. The execution policy will then revert once the PowerShell window is closed. Here is an example code to set the execution policy to RemoteSigned for this instance of PowerShell only:
Set-ExecutionPolicy RemoteSigned -Scope Process -Force
How do we revert all script execution policies to default?
If you have defined the execution policies scope-wise, then you must revert them scope-wise as well. However, in case you did not define a scope ( where the policy is automatically configured for LocalMachine), use the following cmdlet to change it back to default:
How do we allow PowerShell scripts for current user account only?
You can define a script execution policy on your current account only by defining the scope to “CurrentUser.” Here is an example:
Set-ExecutionPolicy RemoteSigned -Scope CurrentUser
This will prevent all other users from running a script in Windows PowerShell.