Execution Policy

You don't get far with PowerShell before you need to understand Execution Policies. In fact, you probably won't be able to run a script until you do!

Introduction

The execution policy controls what is allowed to run, and its scope controls where that policy applies. The Execution Policy is one of the following:

  • Restricted - scripts cannot be run and configuration files cannot be loaded, this is the default
  • AllSigned - all scripts and configuration files have to be signed by a trusted publisher
  • RemoteSigned - all scripts downloaded from the Internet must be signed by a trusted publisher
  • Unrestricted - everything loads and runs, however scripts downloaded from the Internet prompt for permission
  • Bypass - everything just runs
  • Undefined - removes the current policy from the current scope

Then the scope is one of these:

  • CurrentUser - only impacts the currently logged-on user
  • LocalMachine - impacts all users on the computer
  • Process - only changes the current instance of PowerShell

Note that when using "Process" the change is for that execution only: start a new instance of PowerShell and it will go back to the default.

You can check the current Execution Policy with a simple get command:
Get-ExecutionPolicy -Scope CurrentUser

Of course, you need to be running PowerShell to do this. If CurrentUser returns "Undefined" then the Local Machine policy is active. You can also get a complete list via Get-ExecutionPolicy -List, which is much easier and more helpful.
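The check described above, extended into a small audit as an added example (not code from the original article): it reads the output of Get-ExecutionPolicy -List, marks which scope is actually in effect, and flags Unrestricted or Bypass set at a scope that outlives the current process. The function name Get-ExecutionPolicyAudit and the sample data are hypothetical; the MachinePolicy and UserPolicy scopes are the Group Policy scopes that the -List output reports alongside the three scopes listed above.

```powershell
# Added example: audit the execution policy at every scope.
function Get-ExecutionPolicyAudit {
    [CmdletBinding()]
    param(
        # Objects with Scope and ExecutionPolicy properties.
        # Defaults to the live output of Get-ExecutionPolicy -List.
        [object[]]$PolicyList = (Get-ExecutionPolicy -List)
    )

    # PowerShell's precedence order: the first scope that is not Undefined wins.
    $precedence = 'MachinePolicy', 'UserPolicy', 'Process', 'CurrentUser', 'LocalMachine'
    # Scopes whose setting persists after the current PowerShell process exits.
    $persistent = 'MachinePolicy', 'UserPolicy', 'CurrentUser', 'LocalMachine'
    # Policies that should not be set at a persistent scope.
    $risky      = 'Unrestricted', 'Bypass'

    # Index the policies by scope name (enum values are converted to strings).
    $byScope = @{}
    foreach ($entry in $PolicyList) {
        $byScope["$($entry.Scope)"] = "$($entry.ExecutionPolicy)"
    }

    # If every scope is Undefined this stays $null and the built-in default applies.
    $effectiveScope = $precedence |
        Where-Object { $byScope[$_] -and $byScope[$_] -ne 'Undefined' } |
        Select-Object -First 1

    foreach ($scope in $precedence) {
        $policy = if ($byScope.ContainsKey($scope)) { $byScope[$scope] } else { 'Undefined' }
        [pscustomobject]@{
            Scope           = $scope
            ExecutionPolicy = $policy
            Effective       = ($scope -eq $effectiveScope)
            Finding         = if (($policy -in $risky) -and ($scope -in $persistent)) {
                                  'Persistent Unrestricted/Bypass: review'
                              } else { '' }
        }
    }
}

# Constructed sample input (not taken from a real machine).
$sample = @(
    [pscustomobject]@{ Scope = 'MachinePolicy'; ExecutionPolicy = 'Undefined' }
    [pscustomobject]@{ Scope = 'UserPolicy';    ExecutionPolicy = 'Undefined' }
    [pscustomobject]@{ Scope = 'Process';       ExecutionPolicy = 'Undefined' }
    [pscustomobject]@{ Scope = 'CurrentUser';   ExecutionPolicy = 'Bypass' }
    [pscustomobject]@{ Scope = 'LocalMachine';  ExecutionPolicy = 'RemoteSigned' }
)
Get-ExecutionPolicyAudit -PolicyList $sample | Format-Table -AutoSize
```

With the constructed sample, CurrentUser is reported as the effective scope and carries the finding, because its Bypass setting overrides the RemoteSigned policy on LocalMachine. Calling the function with no arguments audits the machine it runs on.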

Running Scripts within PowerShell

If your scripts don't run and you just want to make them run, the following command is handy. It applies only to the current instance of the PowerShell process, so it remains in place until you close that process.
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass

Running Scripts Directly

When running scripts outside of PowerShell itself I use one of two approaches. I sometimes write a Windows Command Script or batch file as follows:
@ECHO OFF
PowerShell.exe -ExecutionPolicy Bypass -File "C:\Files\Test.ps1"

Then you can just double-click the .cmd file. More recently, however, I have taken to using Windows shortcuts to PowerShell.exe, putting the command line arguments from the script above into the shortcut. Generally I prefer the latter approach; however, at other times the Command Script is more flexible.

Conclusion

Make sure you check what your Execution Policy is before you change it, unless you use -Scope Process which is more temporary.

You can get more information on this, as well as details on how to sign your scripts, at Windows PowerShell User's Guide. I strongly recommend that you do not set the policy to Unrestricted or Bypass for your local machine or user, especially if the user has administrative rights. The Bypass execution policy was introduced with PowerShell 2.0, but hopefully you will not see anything that old now.

If you want more detail and information including the use of Group Policy to manage PowerShell then PowerShell Execution Policy - Stephanos Constantinou Blog is a great article.

There is also information on running scripts at Windows Powershell: How to run windows powershell scripts and Signing PowerShell Scripts - Scott Hanselman covers how to sign scripts.