Set Powershell Execution Policy

     About Powershell Execution Policy

    The Powershell Execution Policy is a security mechanism implemented in the Powershell engine that gives administrators tighter control over how scripts are run in the infrastructure, or whether they can be run at all.

    Controlling this setting means that the administrator chooses whether or not a script has to be digitally signed with a certificate in order to be executed. There are 4 settings that you can choose for the execution policy:

  • Restricted – If this setting is active then no script can be run, not even if it’s signed.
  • AllSigned – All scripts that are executed on a host have to be signed.
  • RemoteSigned – Scripts run from a network path (one that is not local to the server’s storage, or whose path is not in the form <Partition letter>:) have to be signed, while the ones that reside on the server’s local storage can be executed regardless of their state. Files can also have an alternate data stream that stores information about where the script came from; if the source is the “internet”, the script will not be executed.
  • Unrestricted – Unsigned scripts can be run from any path. This setting should be avoided as it is a security risk to permit unsigned scripts to be executed from anywhere.

   Configure the Powershell Execution Policy

    The execution policy is configured differently by default for some Windows versions than for others. For Windows Server 2008 R2 and Windows 7 it is set to Restricted. For operating systems newer than these 2 the default value is RemoteSigned.

    To see what setting you have configured just run the following Powershell command:

Get-ExecutionPolicy

    The result is the execution policy currently in use:

Show the Powershell Execution Policy

    You are most likely reading this post because you wanted to run a script but got the following error message: “File <your script> cannot be loaded because the execution of scripts is disabled on this system.” If so, I am happy to tell you the solution is simple: the Set-ExecutionPolicy command lets you set another value for the Powershell Execution Policy. For example, to set it to RemoteSigned I would run:

 Set-ExecutionPolicy RemoteSigned 

    Accept the changes and you are ready to run scripts.

Setting Powershell Execution Policy to RemoteSigned

    In my opinion, RemoteSigned is the best balance you can choose between security and “liberty”. Now running a script that is unsigned and located on the local host will not generate any execution policy error.

Executing an unsigned local script

    Running the same file from the same computer but using a UNC path should not work, as can be seen in the image below.

Running a remote unsigned script

    The Powershell Execution Policy can be changed at any time using the Set-ExecutionPolicy command. The only requirement is to run Powershell with elevated permissions.
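
    To see how a particular script looks to the RemoteSigned rule before changing anything, the following added example (not part of the original post) reports the effective policy, whether the path is a UNC path, the origin recorded in the file's alternate data stream, and the signature status. Get-ScriptPolicyReport and the sample file are hypothetical names constructed for illustration, and the MarkedRemote flag follows the description of RemoteSigned given above rather than the engine's exact logic.

```powershell
# Added example. Get-ScriptPolicyReport is a hypothetical helper name.
function Get-ScriptPolicyReport {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$Path)

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop

    # Network location check: \\server\share\... is a UNC path.
    $isUnc = ([System.Uri]$file.FullName).IsUnc

    # Zone.Identifier is the alternate data stream that records the origin.
    # It exists only on NTFS and only if the downloading program wrote it.
    $zoneId = $null
    $ads = Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
    if ($ads) {
        $hit = $ads | Select-String -Pattern '^ZoneId=(\d+)' | Select-Object -First 1
        if ($hit) { $zoneId = [int]$hit.Matches[0].Groups[1].Value }
    }

    $sig = Get-AuthenticodeSignature -LiteralPath $file.FullName

    [pscustomobject]@{
        Path            = $file.FullName
        EffectivePolicy = (Get-ExecutionPolicy)
        IsUncPath       = $isUnc
        ZoneId          = $zoneId      # 3 = Internet, 4 = Restricted sites
        # Assumption: mirrors the RemoteSigned description in this article,
        # not the engine's exact decision logic.
        MarkedRemote    = $isUnc -or ($zoneId -ge 3)
        SignatureStatus = $sig.Status  # Valid, NotSigned, HashMismatch, ...
    }
}

# Constructed sample: a throwaway script tagged as downloaded from the Internet.
$sample = Join-Path $env:TEMP 'policy-demo.ps1'
Set-Content -LiteralPath $sample -Value 'Write-Output "hello"'
Set-Content -LiteralPath $sample -Stream Zone.Identifier -Value '[ZoneTransfer]', 'ZoneId=3'

Get-ExecutionPolicy -List | Format-Table -AutoSize   # policy set at each scope
Get-ScriptPolicyReport -Path $sample | Format-List
Remove-Item -LiteralPath $sample
```

    A file reported with MarkedRemote set to True and a SignatureStatus other than Valid is the case that, per the description above, RemoteSigned refuses to run.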

1 Comment

  1. Williamel

    I really enjoy the forum topic. Thanks Again. Keep writing. Delrossi