Powershell

What is PowerShell Execution Policy

The execution policy of PowerShell is a security feature that allows the system to load the configuration files and also allows it to run the scripts. The execution policy can also be set for the local computer, current user, or any other session.

The execution policies made for current users and for local computers are stored in the registry, and for other sessions, the execution policies are stored in the memory section. Whenever the session has closed the memory and the data stored in it are lost. The default execution policy of operating systems other than Windows is always unrestricted and this policy is unchangeable.

This post will give you the details about Powershell’s Execution policy.

What are the PowerShell Execution Policies?

The execution policy in PowerShell is a security system strategy that determines whether you can load the configuration files and scripts or not. It also determines whether the executable scripts are digitally signed and authorized by the publisher or not.

The possible execution policies in PowerShell are briefly explained below.

  • AllSigned: This execution policy will run only such scripts which are from trusted publishers and those that are digital signatures. Whenever you run an AllSigned script on your machine it will always ask you whether you want to run the certain script or not in a prompt.
  • Bypass: The Bypass execution policy does not block any script from running. Moreover, it does not give any warnings and no prompts. This policy is developed for those configurations in which the scripts are designed for larger applications.
  • RemoteSigned: it is the default policy for the computers of the Windows servers. Whenever you load a configuration file or script from the computer system, it is always required to digitally sign from a trusted publisher.
  • Restricted: The execution policy for the Windows client computer is the Restricted execution policy. This execution policy does not allow the scripts to run but it only allows individual commands to execute.
  • Unrestricted: It is the default execution policy for the operating systems (other than windows). Unrestricted is a policy that only allows the files and scripts which are unsigned.

The Scopes of PowerShell Execution Policy

PowerShell scope is used to protect the variables by limiting where they can be modified and read.

PowerShell scope is important because it protects the items that should not be changed.

There are 5 different execution policy scopes all of them are explained briefly below.

  • Machine Policy: set by the group policy for all the users of a computer machine.
  • User Policy: set by the group policy for the current user only.
  • Process: only affects the currently running session on a computer.
  • CurrentUser: In the CurrentUser scope the execution policy will only affect the current scope.
  • LocalMachine: In LocalMachine scope, the execution policy will affect all the users on the current computer machine.

Let’s head over to play with execution policies in PowerShell.

How to get the current Execution policy?

If you want to get the current execution policy in PowerShell then use the “Get-ExecutionPolicy” cmdlet as shown below:

> Get-ExecutionPolicy

The above line of code will get you the execution policy.

How to get the list of all Execution policies?

If you want to get the list of all possible execution policies then you have to use the “Get-ExecutionPolicy” with the “-List” parameter as follows:

> Get-ExecutionPolicy -List

The above line of code will get the list of all execution policies.

How to get the Execution policy for specific scope?

The Get-ExecutionPolicy cmdlet is used to get the execution policy of the scope of your choice.

> Get-ExecutionPolicy -Scope Process

This line of code will get you an execution policy.

How to Set Execution Policy?

The Set-Execution policy cmdlet can be used to set the new execution policy. For instance, the following command will set the execution policy to RemoteSigned:

> Set-ExecutionPolicy RemoteSigned

The above piece of code will set the execution policy.

How to set the scope of an Execution Policy?

If you want to set the execution policy for the specific scope then you can utilize the “-Scope‘ option of the Set-Execution cmdlet as follows:

> Set-ExecutionPolicy -Scope LocalMachine -ExecutionPolicy RemoteSigned

The above code snippet will set the scope of an execution policy.

How to remove the Execution policy?

If you want to remove any execution policy then you have to put the current-scope, and current execution policy with the Set-ExecutionPolicy cmdlet as we did here:

> Set-ExecutionPolicy -Scope LocalMachine -ExecutionPolicy Undefined -Force

The output of this code is that the Execution policy has been removed.

We have provided a detailed post on the execution policies of PowerShell.

Conclusion

The PowerShell Execution policy is a security feature used in PowerShell that determines whether a user is allowed to load configuration files and scripts or not. PowerShell supports various execution policies including AllSigned, Bypass, RemoteSigned, etc. In this article, the PowerShell scopes are also defined which are LocalMachine, User policy, Machine policy, etc. Additionally, you have also learned to get or set the execution policy for a specific scope.

About the author

Adnan Shabbir