PowerShell execution policy :
Execution policies are safety features of powershell. Based on these policies, powershell allows/rejects certain operations. These policies are stored in registry for the current user and policies for session are stored in memory, which are destroyed when the session is closed.
Running scripts is disabled on this system is a common error that you will face if you want to run any script on Windows machine and if you haven’t changed any powershell policy before.
List of PowerShell policies :
Following are the list of policies available :
- AllSigned : can run any script.
- Bypass : no warning and nothing is blocked.
- Default : Default execution policy. For windows, it is
Restrictedand for remote servers, it is
- RemoteSigned : Default execution policy for windows server.
- Restricted : Default execution policy for windows PC.
- Undefined : No execution policy is defined.
- Unrestricted : Default execution policy for non windows PC. We can’t change it.
Scopes of execution policies :
The execution policies are defined for specific scope. Following are the scope defined :
- MachinePolicy : It is set for all users of the computer and it is set by a group policy.
- UserPolicy : Policy for the current user of the computer and it is set by a group policy.
- Process : This scope is for the current process or current PowerShell session. It is destroyed once the PowerShell is closed.
- CurrentUser : Policy for the current user.
- LocalMachine : Policy for all users on the PC.
When we set one policy, by default it is set for LocalMachine.
Get all policies that affect the current session :
Open one PowerShell and run the below command to get all policies :
On my PC, it returns something like below :
Scope ExecutionPolicy ----- --------------- MachinePolicy Undefined UserPolicy Undefined Process Undefined CurrentUser Undefined LocalMachine RemoteSigned
Get only the effective execution policy :
The below command will return only the effective execution policy :
If you want any policy for a specific scope, you can use the below command :
Get-ExecutionPolicy -Scope SCOPE
Fix the above issue : Change the policy :
We can change one policy using the below command :
Set-ExecutionPolicy -ExecutionPolicy <POLICYNAME> -Scope <SCOPE>
In our case, we need to set it to
RemoteSigned. Use the below command to do that :
That’s it. It will fix that error.
Removing policies :
We can set policy as
Undefined to remove it for a particular scope :
Set-ExecutionPolicy -ExecutionPolicy Undefined -Scope <SCOPE>
SCOPE to remove it for all users in a local computer.