502

When I try to execute my PowerShell script I get this error:

File C:\Common\Scripts\hello.ps1 cannot be loaded because the execution of scripts is disabled on this system. Please see "get-help about_signing" for more details.
At line:1 char:13
+ .\hello.ps1 <<<<
+ CategoryInfo : NotSpecified: (:) [], PSSecurityException
+ FullyQualifiedErrorId : RuntimeException

Improve this question
1

15 Answers 15

Reset to default
691

  1. Start Windows PowerShell with the "Run as Administrator" option. Only members of the Administrators group on the computer can change the execution policy.

  2. Enable running unsigned scripts by entering:

    set-executionpolicy remotesigned

This will allow running unsigned scripts that you write on your local computer and signed scripts from Internet.

See also Running Scripts at Microsoft TechNet Library.

Improve this answer
9
  • 5
    Will this change the policy permanently or do I have to do this every time I restart my computer?
    – Ray
    Jan 14, 2017 at 18:11
  • 5
    @Ray This will change the policy permanently.
    – Pavel Chuchuva
    Jan 14, 2017 at 22:15
  • 3
    @Ray See the documentation. By default, it sets it for the LocalMachine. To set for other scopes (CurrentUser or Process), pass -Scope explicitly.
    – jpmc26
    Jul 17, 2018 at 18:38
  • 5
    I would mention you need to do that two times, in normal power shell, and once more in Windows PowerShell (x86) It’s very unexpected but the 2 have different set of policies.
    – Soonts
    Oct 29, 2019 at 23:30
  • 11
    I hate that there's like 15 answers like this, or whatever. This is a very dangerous and generally speaking undesirable thing to ever do. Add something like -Scope Process at the end, so that it doesn't change execution policy globally and permanently. Have it be the current session, that's good enough. Even if someone uses this a lot and doesn't remember the command, bookmark the answer - don't change the policy for everyone and forever.
    – Kalec
    Jun 17, 2021 at 13:50
147

The Default Execution Policy is set to restricted, you can see it by running Get-ExecutionPolicy:

Get-ExecutionPolicy

Run Set-ExecutionPolicy like this to switch to the unrestricted mode:

Set-ExecutionPolicy unrestricted
Improve this answer
4
  • 19
    The requiring signing make sense if you expect the user to copy&paste malicious scripts from the internet. If you assume the user isn't stupid, then "remotesigned" doesn't add any security and makes life difficult.
    – Guss
    Nov 11, 2012 at 10:41
  • 1
    @Guss: On testing this I found that RemoteSigned no longer requires locally generated .ps1 files to be signed, and it treats git source control as a local source.
    – Joshua
    Jun 11, 2019 at 21:14
  • 1
    @Joshua - yes, my point exactly. If RemoteSigned doesn't block copy & paste, doesn't block git or other non-IE download methods, then what is it good for? Say it with me: "absolutely nothing!". I think requiring scripts to be signed with $100 code signing certificate is useless, stupid and negates all the good that a decent scripting language can do for Windows. That being said, if the way forward is to get users to understand what they're doing in order to use PS scripts, then we may be on too sth... Nahhhh, that will never work ;-)
    – Guss
    Jun 11, 2019 at 23:23
  • 1
    @Guss: I already got a good scripting language on Windows. Cygwin works great on Windows 10; like literally so much better than it's been on any prior version of Windows. I only ever want to run scrips somebody else already wrote.
    – Joshua
    Jun 11, 2019 at 23:36
103

On my machine that I use to dev scripts, I will use -unrestricted as above. When deploying my scripts however, to an end user machine, I will just call powershell with the -executionpolicy switch:

powershell.exe -noprofile -executionpolicy bypass -file .\script.ps1
Improve this answer
3
37

We can get the status of current ExecutionPolicy by the command below:

Get-ExecutionPolicy;

By default it is Restricted. To allow the execution of PowerShell Scripts we need to set this ExecutionPolicy either as Bypass or Unrestricted.

We can set the policy for Current User as Bypass or Unrestricted by using any of the below PowerShell command:

Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Bypass -Force;

Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted -Force;

Unrestricted policy loads all configuration files and runs all scripts. If you run an unsigned script that was downloaded from the Internet, you are prompted for permission before it runs.

Whereas in Bypass policy, nothing is blocked and there are no warnings or prompts during script execution. Bypass ExecutionPolicy is more relaxed than Unrestricted.

Improve this answer
10

Depending on the Windows version and configuration, you may have the following warning, even in Unrestricted mode:

Security warning
Run only scripts that you trust. While scripts from the internet can be useful, this
script can potentially harm your computer. If you trust this script, use the 
Unblock-File cmdlet to allow the script to run without this warning message. 
Do you want to run?
[D] Do not run  [R] Run once  [S] Suspend  [?] Help (default is "D")

The solution is to use the "bypass" policy, enabled with the following command: 

Set-ExecutionPolicy Bypass

From the documentation:

Bypass: Nothing is blocked and there are no warnings or prompts.

This is obviously insecure, please understand the risks involved.

Improve this answer
8
  • this was the only way I was able to get my script to run in a WINE environment with powershell 2.0. Thank you.
    – Wyatt Ward
    Oct 25, 2016 at 1:39
  • @Wyatt8740: Because wine presents all drives as network drives.
    – Joshua
    Jun 11, 2019 at 23:37
  • @Joshua I had no idea. can you give me a source for that statement? i tried a casual google, but I obviously am looking wrong.
    – Wyatt Ward
    Jun 12, 2019 at 8:25
  • @Wyatt8740: Source: Wine OpenFileName common dialog box. Look a the drive icons.
    – Joshua
    Jun 12, 2019 at 14:59
  • @Joshua I meant a source code source; icons are possibly arbitrary. But I'd not thought of that; I guess that's a good place to start (edit: doesn't look like they are here.)
    – Wyatt Ward
    Jun 12, 2019 at 18:38
6

A .reg file with: 

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\PowerShell]
"EnableScripts"=dword:00000001 "ExecutionPolicy"="Bypass"

and:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\PowerShell]
"EnableScripts"=dword:00000001 "ExecutionPolicy"="Unrestricted"

works indeed too.

Improve this answer
1
  • 1
    You have to make a new line after each key or it will not work
    – Nightcap79
    Nov 4, 2020 at 7:22
2

For some reason the PowerShell cmdlet did not enable local execution globally, just for the local user context. If I tried to start a Powershell script from inside CygWin's bash prompt, for example, which runs under its own user context, it would not run, giving the "is not digitally signed" error. The answer was to go into the Local Group Policy Editor -> Local Computer Policy -> Administrative Templates -> Windows Components -> Windows PowerShell and double-click on 'Turn on Script Execution'. This then let me change it to 'Enabled' and then execution policy of "Allow local scripts and remote signed scripts" and have it work globally regardless of user context.

Improve this answer
2

The accepted answer is right, but the policy modification is only available for the currently running instance of the Powershell, meaning once the instance of the Powershell is shut down. The policy will be reset. If a user reopens another instance of Powershell, the default policy will be applied which is Restricted

For me, I need to use the VisualStudio Code console and g++ from cygwin to build things. The console is using Powershell, with the default policy, nothing can be done. One solution is changing the policy everytime the console is fired in VisualStudio Code console, maybe a script of changing the policy.

I am lazy, so another solution is when I run the Powershell in admin mode, similar to what the accepted answer does. but with an extra parameter which changes values in the Registry table. Once it been done. Other instances of Powershell will use the RemoteSigned policy by default.

set-executionpolicy remotesigned -Scope CurrentUser

Improve this answer
2

Setting the policy (correctly) is the best choice but on my managed systems I do not have the ability to change that policy.

For me, the simplest work-around to changing the policy is to open the script in the "PowerShell ISE", highlight the code (or part of the code) to execute and then click the "Run Selection" button (or use the F8 shortcut).

This is not the best solution & does little for automating tasks, but it does allow me the use & utility of PowerShell while not running afoul of my IS department.

Improve this answer
1

I don't know if anyone has carefully tried and tested this or not, but even in latest updates of Windows 10 (11 could be too, but not tried), if you run these lines in the exact given order then you can easily set the ExecutionPolicy to your liking.

Open Powershell with Admin elevation(Run As Administrator) and run these lines one by one but all 3 in the exact given order is must:

powershell "Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned -Force"
powershell "Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy RemoteSigned -Force"
powershell "Set-ExecutionPolicy -Scope LocalMachine -ExecutionPolicy RemoteSigned -Force"

And after that, not only the current Powershell Window, but even newly opened Powershell windows by any User would be able to run .ps1 scripts.

Let me know in comments if any issues.

Improve this answer
0

  1. Open Start.

  2. Search for PowerShell, right-click the top-result and click the Run as administrator option.

  3. Type the following command to allow scripts to run and press Enter:

    Set-ExecutionPolicy RemoteSigned

  4. Type A and press Enter (if applicable).

  5. Type the following command to run the script and press Enter:

    & "C:\PATH\TO\SCRIPT\first_script.ps1"

    In the above command, make sure to change "PATH\TO\SCRIPT" to the location of your script.

After you complete the steps, the script will run, and if it was crafted correctly, you should see its output without issues.

Improve this answer
0

Just one note:

Do not use PowerShell ISE to run set-executionpolicy remotesigned command as a script. It doesn't work in my case.

Run it in elevated PowerShell - Please follow step-by-step recommendation provided by Pavel Chuchuva.

Improve this answer
0

If you downloaded the .ps1 from the internet right click properties might have an unblock button on it, just click that.

Improve this answer
0

On my local machine, I solved by setting the execution policy to Bypass.

  1. Start Windows PowerShell with the "Run as Administrator" option. Only members of the Administrators group on the computer can change the execution policy.

  2. Enable running unsigned scripts by entering:

    set-executionpolicy Bypass

    (type A and press Enter to accept all questions).

Improve this answer
2
  • 1
    What's the difference between Bypass and Unrestricted?
    – NobleUplift
    Jun 15, 2021 at 16:21
  • 2
    @NobleUplift They both allow all scripts to run, but unrestricted will send you warnings for unsigned scripts from outside your network.
    – Blaisem
    Nov 12, 2021 at 15:25
-2

The reason that the reg key works, is because it is doing exactly what the PS commands do. The commands write the changes to the reg keys. Commands are much quicker and easier than creating a reg key or digging into the registry.

Improve this answer
1
  • 3
    That is just wrong: the keys that were mentioned in other answers change the powershells execution policy, which then enables the powershell script to run.
    – Patrick R.
    Apr 5, 2018 at 14:04

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .