Have you run into the error “execution of scripts is disabled on this system”? Every single person that has started using PowerShell has run into that error!
In this cmdlet of the day blog, I cover the Set-ExecutionPolicy cmdlet which allows you to change your PowerShell execution policy to get you going!
The Set-ExecutionPolicy cmdlet is one that most newcomers to PowerShell get familiar with real quick especially if they launch PowerShell on an older operating system. Why?
Because PowerShell script execution and any PowerShell module wouldn’t work! A newbie may create a script in the PowerShell ISE, try to execute it and immediately wonder why the script won’t execute.
They’d then do a little Googling, find out how to check the applied execution policy, and run Get-ExecutionPolicy to find it is restricted.
One of the first hurdles everyone new to PowerShell must overcome is figuring out how to just run scripts. Before Windows Server 2012 R2, it was not possible to run any scripts without first opening a PowerShell window and running the PowerShell Set-ExecutionPolicy cmdlet in the PowerShell console.
Nowadays, the restrictions have been lifted a little bit, but it’s still necessary to get acclimated to Set-ExecutionPolicy if you plan to run scripts downloaded from the Internet. Your options are either this cmdlet or perhaps Group Policy, which can change the execution policy across many computers at once.
Set-ExecutionPolicy is a cmdlet that comes with PowerShell and changes the execution policy of your PowerShell session. By default, prior to Windows Server 2012 R2, the execution policy was set to AllSigned, which meant all scripts had to first be cryptographically signed to run.
When you’re just starting out, running a script is hard enough let alone learning how to digitally sign a script with a certificate! If you do want to go down that road, with a self-signed certificate created with makecert.exe or with a public certificate, you can always check out the help topic using
Luckily, Microsoft heard the cries of newcomers to PowerShell and the default execution policy is now RemoteSigned. RemoteSigned means that any script that was downloaded from the Internet, or even downloaded via a UNC share on your network, has to be signed before it can run. Any scripts created locally do not.
Set-ExecutionPolicy is the command that’s used to change the execution policy. Once you’ve run Get-ExecutionPolicy to confirm the policy that’s applied, you can run Set-ExecutionPolicy to change it using the ExecutionPolicy parameter.

```
PS> Set-ExecutionPolicy -ExecutionPolicy Unrestricted

Execution Policy Change
The execution policy helps protect you from scripts that you do not trust. Changing the execution policy might expose
you to the security risks described in the about_Execution_Policies help topic at
http://go.microsoft.com/fwlink/?LinkID=135170. Do you want to change the execution policy?
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "N"): y
```
You can see that PowerShell prompts you to confirm that you want to change the execution policy to Unrestricted. For testing purposes or for those that like to live on the wild side, this is fine.
However, just to be safe, it’s always a good idea to keep it RemoteSigned. You might have to learn how to sign those scripts though.
Finally, the cmdlet also has a Scope parameter. Above, I used Set-ExecutionPolicy to set the local machine’s execution policy. I was running as administrator in an elevated PowerShell session. Otherwise, I couldn’t have done that.
If you’d rather change the execution policy only for the current user or for just the current PowerShell session, you can use the Scope parameter and specify either
For more information about execution policies, check out the about topic about_Execution_Policies.
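The Scope parameter and the RemoteSigned policy described above, as an added example that is not part of the original post: it lists the policy at every scope, sets RemoteSigned for the current user only, and reports the two things RemoteSigned looks at for a script (the download mark and the signature). It assumes Windows with an NTFS volume; Get-ScriptTrustInfo and the sample file name are hypothetical names chosen for illustration.

```powershell
# Added example. Windows only: Zone.Identifier is an NTFS alternate data stream.

# 1. Show the policy set at each scope, highest precedence first.
Get-ExecutionPolicy -List | Format-Table Scope, ExecutionPolicy -AutoSize

# 2. Set RemoteSigned for the current user only. No elevation is needed and the
#    LocalMachine setting is left untouched. A policy set through Group Policy
#    still takes precedence over this.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser -Force

# 3. Alternative: change it for this session only; it is gone when the window closes.
# Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force

# 4. Hypothetical helper: report the download mark and signature state of a script.
function Get-ScriptTrustInfo {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Path
    )
    $file   = Get-Item -LiteralPath $Path -ErrorAction Stop
    $zoneId = $null
    # Downloaded files carry a Zone.Identifier stream containing "ZoneId=<n>".
    $stream = Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
    $match  = $stream | Select-String -Pattern '^ZoneId=(\d+)' | Select-Object -First 1
    if ($match) { $zoneId = [int]$match.Matches[0].Groups[1].Value }

    $sig = Get-AuthenticodeSignature -FilePath $file.FullName
    [pscustomobject]@{
        Path            = $file.FullName
        ZoneId          = $zoneId                 # 3 = Internet zone, $null = no mark
        MarkedRemote    = ($zoneId -ge 3)
        SignatureStatus = $sig.Status             # NotSigned, Valid, HashMismatch, ...
        Signer          = $sig.SignerCertificate.Subject
        EffectivePolicy = Get-ExecutionPolicy
    }
}

# Constructed sample: a locally created script, then the same file marked as downloaded.
$sample = Join-Path $env:TEMP 'hello-sample.ps1'
Set-Content -LiteralPath $sample -Value 'Write-Output "hello"'
Get-ScriptTrustInfo -Path $sample      # ZoneId empty, MarkedRemote False
Set-Content -LiteralPath $sample -Stream Zone.Identifier -Value "[ZoneTransfer]`r`nZoneId=3"
Get-ScriptTrustInfo -Path $sample      # ZoneId 3, MarkedRemote True, SignatureStatus NotSigned
```

With RemoteSigned in effect, the first state of the sample file runs and the second is blocked until the script carries a valid signature.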