It is one of the most influential and useful tools for developers and sys adminis working on Windows system. PowerShell provides a command-line interface, allowing you to execute commands from a terminal sessions. You can also create batch powershell scripts that can perfrom simple to complex tasks on multiple systems.
PowerShell scripts supports programming language features such as classes, function, modules, etc. You can also explore other features such as type systems, data formats such as CSV, JSON, and YAML.
Before you can execute a PowerShell script on a Windows system, you will need to disable or modify PowerShell's default security feature.
What is PowerShell Execution Policy?
PowerShell execution policy is a security feature that defines the conditions and parameters under which PowerShell loads and executes exernal scripts.
This feature ensures that malicious scripts do not download and execute without permissions on the target system.
Although this feature is enabled by default, it does not prevent you from running valid scripts that you wish to execute.
The goal of this guide is to show you how you get the current PowerShell Execution Policy and change it as you see fit.
Let us delve in.
PowerShell Show Current Execution Policy
To get the current execution policy, we use the Get-ExecutionPolicy command. The syntax is as shown below:
Get-ExecutionPolicy
[[-Scope] <ExecutionPolicyScope>]
[-List]
[<CommonParameters>]
We can use the Get-ExecutionPolicy -List command to show the execution policies in order of precedence.
If you simply want to get your current, also known as effective execution policy, run the command without parameters.
Launch the PowerShell Terminal and run the command:
Get-ExecutionPolicy
The command should return the current execution policy. An example output is as shown below:
RemoteSigned
PowerShell Show all Execution Policies
To show the execution policies for each scope in the order of precedences, run the command with -List option.
Get-ExecutionPolicy -List
Result:
Scope ExecutionPolicy
----- ---------------
MachinePolicy Undefined
UserPolicy Undefined
Process Undefined
CurrentUser RemoteSigned
LocalMachine RemoteSigned
MachinePolicy takes the highest precedence with LocalMachine taking the lowest precedence.
PowerShell Set Execution Policy
To change the execution level in PowerShell, we use the Set-ExecutionPolicy cmdlet. The command syntax is as shown below:
Set-ExecutionPolicy
[-ExecutionPolicy] <ExecutionPolicy>
[[-Scope] <ExecutionPolicyScope>]
[-Force]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
The command accepts the above parameters with each defining the action and operation of the command.
NOTE: By default, the execution policy will be applied for LocalMachine scope which affects all the users in the computer. However, you can specify the target scope using the -Scope parameter.
The example below shows the command to set the execution policy for the LocalComputer scope:
Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope LocalMachine
The above command requires you to have administrative privileges on the target machine.
In the above example, the command should update the execution policy of the local machine to Unrestricted allowing all scripts to run.
PowerShell accepts the following execution policy levels:
- AllSigned. Requires that all scripts and configuration files are signed by a trusted publisher, including scripts written on the local computer.
- Bypass. Nothing is blocked and there are no warnings or prompts.
- Default. Sets the default execution policy. Restricted for Windows clients or RemoteSigned for Windows servers.
- RemoteSigned. Requires that all scripts and configuration files downloaded from the Internet are signed by a trusted publisher. The default execution policy for Windows server computers.
- Restricted. Doesn't load configuration files or run scripts. The default execution policy for Windows client computers.
- Undefined. No execution policy is set for the scope. Removes an assigned execution policy from a scope that is not set by a Group Policy. If the execution policy in all scopes is Undefined, the effective execution policy is Restricted.
- Unrestricted. Beginning in PowerShell 6.0, this is the default execution policy for non-Windows computers and can't be changed. Loads all configuration files and runs all scripts. If you run an unsigned script that was downloaded from the internet, you're prompted for permission before it runs.
You can check the command help for supported options and parameters. If you wish to learn more about PowerShell Get-ExecutionPolicy and Set-ExecutionPolicy cmdlets, send us a message here:
PowerShell Remove Execution Policy
To remove an execution policy, set the value to Undefined as shown in the example below:
Set-ExecutionPolicy -ExecutionPolicy Undefined -Scope LocalMachine
Run a PowerShell Script without Changing the Execution Policy.
Although changing the execution policy can allow you to run scripts, it can be dangerous to allow all scripts. It is therefore recommended to run scripts in a sandbox mode.
Hence, instead of changing the policy to run a script, you can tell powershell to allow execution of that one script while retaining the set policy.
Suppose we have a simple script with the content as:
cat .\ip.ps1
Get-NetIPAddress -AddressFamily IPv6
The script above should print the IPv6 address of the interfaces on the machine.
To run the script without chaning exec policy, use the Unblock-File cmdlet. Example command:
Unblock-File -Path .\ip.ps1
Where ip.ps1 is the path to the script you wish to run.
Conclusion
We have come to the end of our tutorial.
In this guide, you learned about PowerShell Execution policies, what it is, and how to use. You also discovered the methods of fetching the set execution policies, chaning the execution policy of a given scope, removing exec policy and more.
If you enjoyed this article, please leave a comment down below or send us a message.
And if you wish to explore other PowerShell concepts, check the Reqeust Topics page.
Until next time, Cheers!!!
If you enjoy our content, please consider buying us a coffee to support our work:
