Changing PowerShell’s Execution Policy with Set-ExecutionPolicy

Adam Bertram

Read more posts by this author.

Have you ran into the error “execution of scripts is disabled on this system”? Every, single person that has started using PowerShell has ran into that error!

In this cmdlet of the day blog, I cover the Set-ExecutionPolicy cmdlet which allows you to change your PowerShell execution policy to get you going!

The Set-ExecutionPolicy cmdlet is one that most newcomers to PowerShell get familiar with real quick especially if they launch PowerShell on an older operating system. Why?

Because PowerShell script execution and any PowerShell module wouldn’t work! A newbie may create a script in the PowerShell ISE, try to execute a PowerShell script and immediately wonder why her script won’t execute.

They’d then do a little Googling and find the method to find the applied execution policy, run Get-ExecutionPolicy to find it is restricted.

One of the first hurdles everyone new to PowerShell must overcome is figuring out how to just run scripts. Before Windows Server 2012 R2, it was not possible to run any scripts without first opening a PowerShell window and running the PowerShell Set-ExecutionPolicy cmdlet in the PowerShell console.

Nowadays, the restrictions have been lifted a little bit but it’s still necessary to get acclimated to Set-ExecutionPolicy if you plan to download and run scripts downloaded from the Internet. Because it’s either using this cmdlet or perhaps using group policy to change the execution policy across many computers at once.

The Set-ExcutionPolicy cmdlet that comes with PowerShell that changes the execution policy of your PowerShell session. By default, prior to Windows Server 2012 R2, the execution policy was set to AllSigned which meant all scripts had to first be cryptographically signed to run.

When you’re just starting out, running a script is hard enough let alone learning how to digitally sign a script with a certificate! If you do want to go down that road, with a self-signed certificate created with makecert.exe or with a public certificate, you can always check out the help topic using Get-Help About_Signing.

Luckily, Microsoft heard the cries of newcomers to PowerShell and the default execution policy is now RemoteSigned. RemoteSigned means that any script that was downloaded from the Internet or even downloaded via UNC share on your network has to be signed before it can run. Any scripts created locally do not.

Set-ExecutionPolicy is the command that’s used to change the execution policy. Once you’ve ran Get-ExecutionPolicy to confirm the policy that’s applied, we can run Set-ExecutionPolicy to change it using the Name parameter.

PS> Set-ExecutionPolicy -ExecutionPolicy Unrestricted

Execution Policy Change
The execution policy helps protect you from scripts that you do not trust. Changing the execution policy might expose you to the security risks described in the about_Execution_Policies help topic at
Do you want to change the execution policy?
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help
(default is "N"): y

You can see that PowerShell prompts you to confirm if you’re sure you’re going to change the execution policy to Unrestricted. For testing purposes or for those that like to live on the wild side, this is fine.

However, just to be safe, it’s always a good idea to keep it RemoteSigned. You might have to learn how to sign those scripts though.

Finally, the cmdlet also has a Scope parameter. Above, I used Set-ExecutionPolicy to set the local machine’s execution policy. I was running as administrator in an elevated PowerShell session. Otherwise, I couldn’t have done that.

If you’d rather use PowerShell, update the execution policy to change the user preference for the current user or just the current PowerShell session, you can use enable the PowerShell execution policy using the Scope parameter and specify either CurrentUser or Process.

For more information about execution policies, check out the about topic about_Execution_Policies.

Subscribe to Adam the Automator

Get the latest posts delivered right to your inbox

Looks like you're offline!