Table of Contents
Introduction
What defines if a Powershell script can run on a client or server? It is the Powershell execution policy!
In this blog post, I explain how to use the commands Get-ExeuctionPolicy and Set-ExecutionPolicy to configure it. I also provide a short script to automatically add to your scripts to change the execution policy to one of your likings automatically.
If you want to learn Powershell, I highly recommend watching the courses over at Pluralsight.
What is the Powershell execution policy?
The Powershell execution policy is a rule that defines which scripts are allowed to run on a specific server or workstation.
A few reasons why this security feature exists:
- A trusted party digitally signs Powershell scripts that run.
- Secure against scripts downloaded from the internet.
The default execution policy is Restricted.
Below is a list of the different Powershell execution policies:
| Execution Policy | Description |
| Restricted | No scripts are allowed to run. |
| AllSigned | Only scripts that have been digitally signed by a trusted publisher can run. |
| RemoteSigned | Downloaded scripts have to be signed by a trusted publisher. |
| Unrestricted | No restrictions on which Powershell scripts can be run |
How to check which execution policy is configured using Get-ExecutionPolicy
If you want to check which execution policy is currently configured, you can use the Get-ExecutionPolicy cmdlet.
Open an elevated Powershell window and enter the below Powershell command:
Get-ExecutionPolicy
You should receive a result similar to the one below. In my case, I have configured my machine to the execution policy Bypass, which means that all scripts run successfully.
How to set a new execution policy
If you want to change to a new execution policy in Powershell, you can run the Set-ExecutionPolicy cmdlet.
Set-ExecutionPolicy RemoteSigned
Press A to change the Powershell execution policy.
In my example, I changed the execution policy from Bypass to RemoteSigned.
Above, we have changed the execution policy manually on a client. However, in enterprise environments, this policy is usually configured via group policy.
The Powershell snippet
Below is an example of a Powershell script that you can use in your scripts at the start to change the execution policy if required.
In the script, we define which execution policy we wish to configure. The script will then check if it matches the current execution policy. If not, the execution policy will be changed.
$Policy = "RemoteSigned"
If ((Get-ExecutionPolicy) -ne $Policy) {
Set-ExecutionPolicy $Policy -Force
Exit
}
Conclusion
Changing between different Powershell execution policies is a very common task for an IT administrator.
How do you handle this? Please leave a comment below. š
If you want to learn Powershell, I highly recommend watching the courses over at Pluralsight.
References
Related posts
- How to change the Powershell version for backward compatibility
- How to create a menu selection script in Powershell