N Kaushik

Windows powershell - Running scripts is disabled on this system

May 13, 2020

PowerShell execution policy :

Execution policies are safety features of powershell. Based on these policies, powershell allows/rejects certain operations. These policies are stored in registry for the current user and policies for session are stored in memory, which are destroyed when the session is closed.

Running scripts is disabled on this system is a common error that you will face if you want to run any script on Windows machine and if you haven’t changed any powershell policy before.

List of PowerShell policies :

Following are the list of policies available :

  1. AllSigned : can run any script.
  2. Bypass : no warning and nothing is blocked.
  3. Default : Default execution policy. For windows, it is Restricted and for remote servers, it is RemoteSigned.
  4. RemoteSigned : Default execution policy for windows server.
  5. Restricted : Default execution policy for windows PC.
  6. Undefined : No execution policy is defined.
  7. Unrestricted : Default execution policy for non windows PC. We can’t change it.

Scopes of execution policies :

The execution policies are defined for specific scope. Following are the scope defined :

  1. MachinePolicy : It is set for all users of the computer and it is set by a group policy.
  2. UserPolicy : Policy for the current user of the computer and it is set by a group policy.
  3. Process : This scope is for the current process or current PowerShell session. It is destroyed once the PowerShell is closed.
  4. CurrentUser : Policy for the current user.
  5. LocalMachine : Policy for all users on the PC.

When we set one policy, by default it is set for LocalMachine.

Get all policies that affect the current session :

Open one PowerShell and run the below command to get all policies :

Get-ExecutionPolicy -List

On my PC, it returns something like below :

        Scope ExecutionPolicy
        ----- ---------------
MachinePolicy       Undefined
   UserPolicy       Undefined
      Process       Undefined
  CurrentUser       Undefined
 LocalMachine    RemoteSigned

Get only the effective execution policy :

The below command will return only the effective execution policy :

Get-ExecutionPolicy

If you want any policy for a specific scope, you can use the below command :

Get-ExecutionPolicy -Scope SCOPE

Fix the above issue : Change the policy :

We can change one policy using the below command :

Set-ExecutionPolicy -ExecutionPolicy <POLICYNAME> -Scope <SCOPE>

In our case, we need to set it to RemoteSigned. Use the below command to do that :

Set-ExecutionPolicy RemoteSigned

That’s it. It will fix that error.

Removing policies :

We can set policy as Undefined to remove it for a particular scope :

Set-ExecutionPolicy -ExecutionPolicy Undefined -Scope <SCOPE>

Use LocalMachine as SCOPE to remove it for all users in a local computer.

Subscribe to my Newsletter