Have you encountered an error “execution of scripts is disabled on this system” while trying to run a PowerShell script? I am sure you must have at least at the beginning. This is because of PowerShell’s execution policy settings.
In this article, I will walk you through everything you need to know about PowerShell execution policies – what they are, why they matter, and how to configure them properly.
Whether you’re a system administrator, IT professional, or just someone trying to run a PowerShell script, you should understand the execution policy in PowerShell.
What is PowerShell Execution Policy?
The PowerShell execution policy is a security feature that controls the conditions under which PowerShell loads configuration files and runs scripts. It helps prevent the execution of malicious scripts.
By default, Windows sets the execution policy to “Restricted,” which means PowerShell won’t run scripts at all. This is a security measure to protect users from accidentally running harmful scripts.
Check Your Current Execution Policy
Before making any changes, it’s always good to know your current execution policy setting. Here’s how to check it:
- Open PowerShell as an administrator
- Run the following command:
Get-ExecutionPolicyThis will display your current execution policy level. It is easy, and you can see the output in the screenshot below:
If you want to see the execution policy at all scopes, use:
Get-ExecutionPolicy -ListThis will show the policy settings at different scopes (MachinePolicy, UserPolicy, Process, CurrentUser, and LocalMachine).
Check out Windows PowerShell ISE
Different Execution Policy Levels in PowerShell
PowerShell offers several execution policy levels, each with different security implications:
| Policy Level | Description |
|---|---|
| Restricted | Default setting. Doesn’t load configuration files or run scripts |
| AllSigned | Scripts can run, but must be signed by a trusted publisher |
| RemoteSigned | Downloaded scripts must be signed by a trusted publisher |
| Unrestricted | Runs all scripts (warning prompt for downloaded scripts) |
| Bypass | Nothing is blocked, no warnings or prompts |
| Undefined | No execution policy set in the current scope |
Method 1: Change Execution Policy with Set-ExecutionPolicy
The most common way to change the execution policy in PowerShell is using the Set-ExecutionPolicy cmdlet. Here’s how:
- Open PowerShell as an administrator
- Run one of the following commands based on your needs:
# To set to RemoteSigned (most commonly used)
Set-ExecutionPolicy RemoteSigned
# To set to AllSigned
Set-ExecutionPolicy AllSigned
# To set to Unrestricted (use with caution)
Set-ExecutionPolicy UnrestrictedAfter running the command, you’ll be asked to confirm the change. Type “Y” and press Enter.
Check out Run PowerShell Script in Visual Studio Code
Method 2: Set Execution Policy for Different Scopes
You can apply execution policy at different scopes using the -Scope parameter in PowerShell.
You can follow the below PowerShell script to do this.
# Set policy for the current user only
Set-ExecutionPolicy RemoteSigned -Scope CurrentUser
# Set policy for the local machine (requires admin rights)
Set-ExecutionPolicy RemoteSigned -Scope LocalMachine
# Set policy just for the current PowerShell session
Set-ExecutionPolicy RemoteSigned -Scope ProcessUsing scopes gives you more flexibility. For example, you might set a more permissive policy for yourself using CurrentUser while keeping the machine-wide policy more restrictive.
Check out Write to File Line by Line in PowerShell
Method 3: Bypass Execution Policy Temporarily
Sometimes you just need to run a single script without changing the policy permanently. There are a few ways to do this:
Using the -ExecutionPolicy Parameter
When starting PowerShell, you can specify the execution policy for just that session:
powershell.exe -ExecutionPolicy Bypass -File "C:\Scripts\MyScript.ps1"Using Bypass Scope Process
Another approach is to set the policy to Bypass but only for the current process:
Set-ExecutionPolicy Bypass -Scope ProcessThis will revert to the previous policy when you close the PowerShell window.
Method 4: Working with Execution Policy in Scripts
If you’re creating deployment scripts or automated processes, you might need to check or set the execution policy within your script:
# Check if execution policy needs to be changed
if ((Get-ExecutionPolicy) -ne 'RemoteSigned') {
try {
# Try to set the execution policy
Set-ExecutionPolicy RemoteSigned -Scope Process -Force -ErrorAction Stop
Write-Output "Execution policy changed to RemoteSigned for this process."
}
catch {
Write-Warning "Failed to set execution policy: $_"
}
}
# The rest of your script continues here...Check out Reference Variables in PowerShell
Best Practices for PowerShell Execution Policy
Based on my experience, here are some best practices I recommend:
- Use RemoteSigned for most scenarios – It offers a good balance of security and usability
- Apply least-privilege principle – Use the most restrictive policy that still allows you to work effectively
- Consider using scopes – Apply different policies at different scopes as needed
- Document your changes – Always document when and why you changed execution policies
- Don’t default to Unrestricted – Avoid using Unrestricted unless absolutely necessary
- Use digital signatures – For enterprise environments, consider signing your scripts
Common Issues and Solutions
Here are some common issues you might face while changing the execution policy in PowerShell. You can follow the solutions to fix these issues.
“Access Denied” When Changing Policy
If you get an “Access Denied” error when trying to change the execution policy, you likely don’t have administrator rights. Try:
- Running PowerShell as an administrator
- Using
-Scope CurrentUserif you don’t have admin rights - Checking if there’s a Group Policy setting restricting changes
Group Policy Overrides
In corporate environments, Group Policy might override your execution policy settings. If you set a policy but it doesn’t seem to take effect, check if there’s a Group Policy in place:
Get-ExecutionPolicy -ListIf MachinePolicy or UserPolicy shows a value other than “Undefined,” it’s being set by Group Policy and will override your local settings.
If you want to execute PowerShell scripts, then you should understand PowerShell execution policy and especially how to configure it.
The RemoteSigned policy is usually the best choice for most users and environments, as it provides a good balance between security and functionality. For more sensitive environments, AllSigned offers enhanced security, while temporary bypasses are available when needed for specific tasks.
Remember that the execution policy is just one part of a comprehensive security strategy. Always get scripts from trusted sources, review code before running it, and consider using signed scripts in enterprise environments.
I hope you found this guide helpful! If you have any questions or suggestions about PowerShell execution policies, feel free to leave them in the comments below.
You may also like the following tutorials:
Hey! I’m Bijay Kumar, founder of SPGuides.com and a Microsoft Business Applications MVP (Power Automate, Power Apps). I launched this site in 2020 because I truly enjoy working with SharePoint, Power Platform, and SharePoint Framework (SPFx), and wanted to share that passion through step-by-step tutorials, guides, and training videos. My mission is to help you learn these technologies so you can utilize SharePoint, enhance productivity, and potentially build business solutions along the way.
