Getting and setting Execution Policy in Powershell

This article covers how to use two very useful powershell commands, 'Get-ExecutionPolicy' and 'Set-ExecutionPolicy'

I'd run into an issue in a previous article where I couldn't run scripts on my home PC (see ps1 cannot be loaded because running scripts is disabled on this system). After working out what the issue was, it seemed a good idea to take a closer look at the commands that helped resolve it.

First, let's take a quick look at Get-ExecutionPolicy:


If you haven't yet run any scripts in Powershell on your current machine, there's a good chance that if you run the above, you'll get the following result:


Execution Policy determines how Powershell runs scripts. By default, the execution policy is set to Restricted to prevent malicious scripts being executed. In this mode, you can only use Powershell in Interactive mode, allowing you to run existing scripts but not any that you've created, or downloaded.

There are in fact, four different execution policy levels:

  • Restricted - No created/imported scripts can be run. Windows Powershell can only be used in interactive mode.
  • AllSigned - Only scripts that are signed by a trusted publisher can be run.
  • RemoteSigned - Scripts that are automatically downloaded can be run, only if they are signed by a trusted publisher.
  • Unrestricted - All scripts can be run, without restrictions.

Want to run your own scripts, and need to change the ExecutionPolicy value? You guessed it, we need to use Set-ExecutionPolicy:

Set-ExecutionPolicy <policy-level>

Note: In order to run this, you'll need to run Powershell as an Administrator. It's also important to note that this does leave your machine vulnerable to potentially malicious scripts. If you are just testing a script that you've read, and you know is safe, it wouldn't be a bad idea to set the ExecutionPolicy back to Restricted afterwards.

It's also a good idea to limit the scope of the ExecutionPolicy. For instance, to have unrestricted access for your current user, you can run:

Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted