PowerShell Set-ExecutionPolicy Command Tutorial

PowerShell provides the Set-ExecutionPolicy command to change the PowerShell execution policy for local and remote computers as well as for different users. The execution policy restricts script and command execution for security purposes. It can also restrict the loading of configuration files to prevent malformed configurations from being applied. To use Set-ExecutionPolicy, PowerShell should be opened with Administrator privileges, which can be done via Run as Administrator in the Start Menu.

Set-ExecutionPolicy Command Syntax

The Set-ExecutionPolicy command has the following syntax, where the -ExecutionPolicy option specifies the execution policy name and the -Scope option specifies the execution policy scope.

Set-ExecutionPolicy -ExecutionPolicy POLICY -Scope SCOPE OPTIONS
  • POLICY is the most crucial option, which specifies the new execution policy.
  • SCOPE is the scope of the new execution policy, which can be the local or a remote computer.

Display Current Execution Policy

Before changing the execution policy, it is useful to display the current one. The Get-ExecutionPolicy cmdlet can be used to list the current execution policy for the machine, all users, process, current user, and local computer.

PS> Get-ExecutionPolicy -List

PowerShell Execution Policies

Restricted: This policy does not load configuration files or run scripts. This is the default policy provided by PowerShell.

AllSigned: This policy requires all scripts and configuration files to be signed by a valid and trusted publisher.

RemoteSigned: This policy requires all scripts and configuration files downloaded from the internet to be signed by a valid and trusted publisher.

Unrestricted: This policy does not require any validation, and all configuration files and scripts can be loaded and executed without any check. However, approval is required for every action.


Bypass: This policy does not require any validation, and all configuration files and scripts can be loaded and executed without any check. It is the same as the Unrestricted policy, except that Bypass does not ask for approval before execution.

Undefined: This policy means there is no definition and a new policy should be set.

Set Execution Policy

The execution policy can be set using the Set-ExecutionPolicy command. The only required option is -ExecutionPolicy. Also, PowerShell should be opened as an Administrator. In the following example, we set the PowerShell execution policy to Restricted.

PS> Set-ExecutionPolicy -ExecutionPolicy Restricted

Set Remote Computer Execution Policy

By default, the execution policy is set for the current computer, but Set-ExecutionPolicy can also be used to set the PowerShell execution policy of a remote computer. As expected, this requires privileges on the remote computer, granted either separately or through Active Directory. Set-ExecutionPolicy has no -ComputerName option of its own, so it is run on the remote computer with Invoke-Command, whose -ComputerName option specifies the remote computer. The remote computer can be specified with its IP address or domain name.

PS> Invoke-Command -ComputerName 192.168.1.10 -ScriptBlock { Set-ExecutionPolicy -ExecutionPolicy Restricted }

Copy Remote Machine Execution Policy To Local Computer

In some cases, we may need to copy the remote computer's execution policy to the local computer without creating it from scratch. Invoke-Command can be used to read the remote computer's execution policy, and its output is piped to Set-ExecutionPolicy to apply it to the local computer.

PS> Invoke-Command -ComputerName 192.168.1.10 -ScriptBlock { Get-ExecutionPolicy } | Set-ExecutionPolicy

Set Execution Policy For the Current User

The PowerShell execution policy can be defined for different scopes, and CurrentUser is one of them. The CurrentUser scope is used to set the execution policy for the current user without affecting other users' execution policies.

PS> Set-ExecutionPolicy -ExecutionPolicy Restricted -Scope CurrentUser

Set Execution Policy for Current PowerShell Session

In some cases, we may want to set the execution policy only for the current PowerShell session. After the session is closed, remotely or locally, the execution policy is removed, and it does not affect other scopes permanently. The Process value is used with the -Scope option to set an execution policy for the current PowerShell session.

PS> Set-ExecutionPolicy -ExecutionPolicy Restricted -Scope Process
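
The scopes described above are evaluated in a fixed order of precedence, so a policy set at one scope can be overridden by another. The following added example (not part of the original tutorial) resolves the effective policy from the output of Get-ExecutionPolicy -List and flags scopes set to Unrestricted or Bypass. The function name Get-EffectiveExecutionPolicy and the sample data are constructed for illustration.

```powershell
# Added example: resolve the effective execution policy and flag permissive scopes.
function Get-EffectiveExecutionPolicy {
    param(
        # Objects with Scope and ExecutionPolicy properties, as emitted by Get-ExecutionPolicy -List
        [Parameter(Mandatory)] [object[]] $ScopeList
    )
    # Precedence, highest first: the Group Policy scopes override Process, CurrentUser and LocalMachine.
    $precedence = 'MachinePolicy', 'UserPolicy', 'Process', 'CurrentUser', 'LocalMachine'
    $permissive = 'Unrestricted', 'Bypass'

    $winner = $null
    foreach ($scope in $precedence) {
        $entry  = $ScopeList | Where-Object { "$($_.Scope)" -eq $scope } | Select-Object -First 1
        $policy = if ($entry) { "$($entry.ExecutionPolicy)" } else { 'Undefined' }
        # The first scope that is not Undefined decides the effective policy.
        if (-not $winner -and $policy -ne 'Undefined') { $winner = $scope }
        [pscustomobject]@{
            Scope      = $scope
            Policy     = $policy
            Effective  = ($winner -eq $scope)
            Permissive = ($policy -in $permissive)
        }
    }
    # If every scope is Undefined, no row is marked Effective and PowerShell uses its default policy.
}

# Constructed sample: a session started with a Process-scope Bypass on a machine set to Restricted.
$sample = @(
    [pscustomobject]@{ Scope = 'MachinePolicy'; ExecutionPolicy = 'Undefined' }
    [pscustomobject]@{ Scope = 'UserPolicy';    ExecutionPolicy = 'Undefined' }
    [pscustomobject]@{ Scope = 'Process';       ExecutionPolicy = 'Bypass' }
    [pscustomobject]@{ Scope = 'CurrentUser';   ExecutionPolicy = 'Undefined' }
    [pscustomobject]@{ Scope = 'LocalMachine';  ExecutionPolicy = 'Restricted' }
)
Get-EffectiveExecutionPolicy -ScopeList $sample | Format-Table -AutoSize

# On a live system, audit the real settings instead of the sample:
# Get-EffectiveExecutionPolicy -ScopeList (Get-ExecutionPolicy -List) | Format-Table -AutoSize
```

In the sample, the Process scope wins over LocalMachine, which is why a review of the LocalMachine setting alone does not show what a given session will actually enforce.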

Unblock Specified PowerShell Script

Even though Set-ExecutionPolicy provides different policies for preventing or enabling script execution, we may need a one-time unblock for a single PowerShell script without changing the policy. The Unblock-File cmdlet can be used to allow execution of a specific script. This will enable the execution of that script even if the execution policy prevents it.

PS> Unblock-File -Path MyPowerShellScript.ps1
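
Before unblocking a script it is worth checking where it came from and whether it is signed. The following added example (not part of the original tutorial) reports the download mark that Unblock-File removes, the Authenticode signature status and the file hash. It assumes Windows with an NTFS volume, and the function name Get-ScriptTrustInfo and the demo file are constructed for illustration.

```powershell
# Added example (Windows, NTFS): inspect a script before deciding to run Unblock-File on it.
function Get-ScriptTrustInfo {
    param([Parameter(Mandatory)] [string] $Path)

    # Downloaded files carry a Zone.Identifier alternate data stream; Unblock-File deletes it.
    $zoneId = $null
    $stream = Get-Item -LiteralPath $Path -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
    if ($stream) {
        $content = Get-Content -LiteralPath $Path -Stream 'Zone.Identifier'
        if (($content -join "`n") -match 'ZoneId=(\d+)') { $zoneId = [int]$Matches[1] }
    }
    [pscustomobject]@{
        Path      = $Path
        Blocked   = [bool]$stream      # True while the download mark is present
        ZoneId    = $zoneId            # 3 is the Internet zone
        Signature = (Get-AuthenticodeSignature -FilePath $Path).Status
        SHA256    = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

# Constructed sample: a harmless script marked as if it had been downloaded from the Internet.
$demo = Join-Path $env:TEMP 'MyPowerShellScript.ps1'
Set-Content -LiteralPath $demo -Value 'Write-Output "hello"'
Set-Content -LiteralPath $demo -Stream 'Zone.Identifier' -Value "[ZoneTransfer]`r`nZoneId=3"

Get-ScriptTrustInfo -Path $demo | Format-List    # state before unblocking
Unblock-File -LiteralPath $demo
Get-ScriptTrustInfo -Path $demo | Format-List    # state after unblocking
Remove-Item -LiteralPath $demo
```

Comparing the SHA256 value with the hash published by the script's source, and reviewing the Signature field, gives a basis for the decision that the unblock itself does not provide.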

Skip Approval and Force New Policy

By default, the Set-ExecutionPolicy command asks for approval before the specified configuration and policy take effect. This approval is given by answering a Yes or No question. The -Force option can be used to skip this approval and directly enable the specified policy and configuration.

PS> Set-ExecutionPolicy -ExecutionPolicy Restricted -Force

“Set-ExecutionPolicy : Access to the registry key …” Error

When working with the Set-ExecutionPolicy command, the “Set-ExecutionPolicy : Access to the registry key …” error can occur. This is generally related to the privileges of the current PowerShell session. If PowerShell is opened with non-administrator user privileges, this error is thrown. To solve this error, PowerShell should be opened as Administrator, which is described in the following posts.
