Introduction

What defined if a Powershell script can run on a client or server? It is the Powershell execution policy!

In this blog post, I explain how to use the commands Get-ExeuctionPolicy and Set-ExecutionPolicy to configure it. I also provide a short script to automatically add to your scripts to change the execution policy to one of your likings automatically.

If you want to learn Powershell, I highly recommend watching the courses over at Pluralsight.

What is the Powershell execution policy?

The Powershell execution policy is a rule that defines which scripts are allowed to run on a specific server or workstation.

A few reasons why this security feature exists:

  • A trusted party digitally signs Powershell scripts that run.
  • Secure against scripts downloaded from the internet.

The default execution policy is Restricted.

Below is a list of the different Powershell execution policies:

Execution PolicyDescription
RestrictedNo scripts are allowed to run.
AllSignedOnly scripts that have been digitally signed by a trusted publisher can run.
RemoteSignedDownloaded scripts have to be signed by a trusted publisher.
UnrestrictedNo restrictions on which Powershell scripts can be run

How to check which execution policy is configured using Get-ExecutionPolicy

If you want to check which execution policy is currently configured, you can use the Get-ExecutionPolicy cmdlet.

Open an elevated Powershell window and enter the below Powershell command:

Get-ExecutionPolicy

You should receive a result similar to the one below. In my case, I have configured my machine to the execution policy Bypass, which means that all scripts run successfully.

Powershell Get-ExecutionPolicy

How to set a new execution policy

If you want to change to a new execution policy in Powershell, you can run the Set-ExecutionPolicy cmdlet.

Set-ExecutionPolicy RemoteSigned

Press A to change the Powershell execution policy.

In my example, I changed the execution policy from Bypass to RemoteSigned.

Above, we have changed the execution policy manually on a client. However, in enterprise environments, this policy is usually configured via group policy.

The Powershell snippet

Below is an example of a Powershell script that you can use in your scripts at the start to change the execution policy if required.

In the script, we define which execution policy we wish to configure. The script will then check if it matches the current execution policy. If not, the execution policy will be changed.

$Policy = "RemoteSigned" 
If ((Get-ExecutionPolicy) -ne $Policy) {    
 Set-ExecutionPolicy $Policy -Force   
Exit
}

Conclusion

Changing between different Powershell execution policies is a very common task for an IT administrator.

How do you handle this? Please leave a comment below. 🙂

If you want to learn Powershell, I highly recommend watching the courses over at Pluralsight.

References

Related posts

LEAVE A REPLY

Please enter your comment!
Please enter your name here