Getting and setting Execution Policy in Powershell

Feb 27, 2021 (updated Mar 22, 2026) 3 min read PowershellSecurity

Written by Sean Lloyd

This article covers how to use two very useful powershell commands, ‘Get-ExecutionPolicy’ and ‘Set-ExecutionPolicy’

I’d run into an issue in a previous article where I couldn’t run scripts on my home PC (see ps1 cannot be loaded because running scripts is disabled on this system). After working out what the issue was, it seemed a good idea to take a closer look at the commands that helped resolve it.

First, let’s take a quick look at Get-ExecutionPolicy:

Get-ExecutionPolicy

If you haven’t yet run any scripts in Powershell on your current machine, there’s a good chance that if you run the above, you’ll get the following result:

Restricted

Execution Policy determines how Powershell runs scripts. By default, the execution policy is set to Restricted to prevent malicious scripts being executed. In this mode, you can only use Powershell in Interactive mode, allowing you to run existing scripts but not any that you’ve created, or downloaded.

There are in fact, four different execution policy levels:

  • Restricted - No created/imported scripts can be run. Windows Powershell can only be used in interactive mode.
  • AllSigned - Only scripts that are signed by a trusted publisher can be run.
  • RemoteSigned - Scripts that are automatically downloaded can be run, only if they are signed by a trusted publisher.
  • Unrestricted - All scripts can be run, without restrictions.

Want to run your own scripts, and need to change the ExecutionPolicy value? You guessed it, we need to use Set-ExecutionPolicy:

Set-ExecutionPolicy <policy-level>

Note: In order to run this, you’ll need to run Powershell as an Administrator. It’s also important to note that this does leave your machine vulnerable to potentially malicious scripts. If you are just testing a script that you’ve read, and you know is safe, it wouldn’t be a bad idea to set the ExecutionPolicy back to Restricted afterwards.

It’s also a good idea to limit the scope of the ExecutionPolicy. For instance, to have unrestricted access for your current user, you can run:

Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted

Quick Fix: Bypass for a Single Script

If you don’t want to permanently change the execution policy, you can bypass it for a single script. This runs your script without altering any system-wide settings:

powershell -ExecutionPolicy Bypass -File .\my-script.ps1

This is useful when you need to run a one-off script and don’t want to set the execution policy to Unrestricted across your machine.

Checking the Full Policy List

To see the execution policy set at every scope, run:

Get-ExecutionPolicy -List

You’ll get output like this:

        Scope ExecutionPolicy
        ----- ---------------
MachinePolicy       Undefined
   UserPolicy       Undefined
      Process       Undefined
  CurrentUser    Unrestricted
 LocalMachine      Restricted

This is helpful for tracking down exactly where a policy is being applied. Powershell evaluates these scopes in order from top to bottom, and the first defined policy wins.

Common Issue: Windows 11

If you’ve recently set up a new Windows 11 machine, you’ll find that the execution policy defaults to Restricted, just like previous versions of Windows. You’ll need to change the execution policy in Powershell before you can run any custom scripts.

If you’re seeing “cannot be loaded because running scripts is disabled on this system”, check out the related article: ps1 cannot be loaded because running scripts is disabled.

Related Posts