PowerShell Execution Policy
An execution policy is the PowerShell feature that specifies the conditions under which PowerShell loads configuration files and runs scripts.
On a Windows operating system, we can set the execution policy for the current user, for the local computer, or for a specific session. Execution policies for the current user and the local computer are stored in the registry. The execution policy for a specific session is stored only in memory and is lost when the session is closed.
On a non-Windows operating system, the default execution policy is Unrestricted, and this policy cannot be changed.
PowerShell Execution Policies
The following are the PowerShell execution policies:
- AllSigned
- Bypass
- RemoteSigned
- Restricted
- Undefined
- Unrestricted
AllSigned
- Only scripts that are digitally signed by a trusted publisher can run.
- Before running a script, this policy prompts you to confirm whether you trust the publisher.
Bypass
- In this policy, nothing is blocked.
- No warnings or prompts are shown.
- The Bypass policy is mainly designed for configurations in which a PowerShell script is built into a larger application.
RemoteSigned
- It is the default execution policy for Windows Server computers.
- This policy requires a digital signature from a trusted publisher on configuration files and scripts that are downloaded from the internet, including those received through email and instant messaging programs.
- This execution policy does not require a digital signature on scripts that are written on the local computer.
Restricted
- This is the default execution policy for Windows client computers.
- It does not allow scripts to run but permits individual commands.
Undefined
- No execution policy is defined in the current scope.
Unrestricted
- It is the default execution policy for non-Windows computers.
- This policy allows unsigned scripts to run.
Execution Policy Scope
The following are the valid values for the execution policy scope:
- MachinePolicy
- UserPolicy
- Process
- CurrentUser
- LocalMachine
MachinePolicy
This scope is set by Group Policy for all users of the computer.
UserPolicy
This scope is set by Group Policy for the current user of the computer.
Process
This scope only affects the current session of PowerShell.
CurrentUser
In this scope, the execution policy affects only the current user.
LocalMachine
In this scope, the execution policy affects all the users on the current computer.
Manage the Execution policy
- We can use the Get-ExecutionPolicy cmdlet without parameters to get the effective execution policy for the current PowerShell session.
- We can use the following command to get all the execution policies that affect the current session. The command displays them in precedence order.
Get-ExecutionPolicy -list
The output of the above command looks like this:
- We can use the -Scope parameter to get the execution policy for a particular scope. For example, the following command gets the execution policy for the LocalMachine scope:
Get-ExecutionPolicy -Scope LocalMachine
The above command displays the output RemoteSigned.
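The precedence rule behind Get-ExecutionPolicy -List, as an added example that is not part of the original page: the first scope in the list whose value is not Undefined decides the effective policy. The function name Resolve-EffectivePolicy, its parameters and the sample data are assumptions constructed for illustration; the Restricted fallback follows the Windows client default stated above.

```powershell
# Added example: resolve the effective policy from per-scope values.
# Resolve-EffectivePolicy and its parameters are hypothetical names.
function Resolve-EffectivePolicy {
    param(
        # Objects with Scope and ExecutionPolicy properties,
        # e.g. the output of Get-ExecutionPolicy -List.
        [Parameter(Mandatory)] [object[]] $PolicyList,
        # Assumed fallback when every scope is Undefined (Windows client default).
        [string] $DefaultPolicy = 'Restricted'
    )
    # Precedence order shown by Get-ExecutionPolicy -List (highest first).
    $precedence = 'MachinePolicy', 'UserPolicy', 'Process', 'CurrentUser', 'LocalMachine'
    $winner = $null
    foreach ($scope in $precedence) {
        $entry = $PolicyList | Where-Object { "$($_.Scope)" -eq $scope } | Select-Object -First 1
        if ($entry -and "$($entry.ExecutionPolicy)" -ne 'Undefined') { $winner = $entry; break }
    }
    $effective = if ($winner) { "$($winner.ExecutionPolicy)" } else { $DefaultPolicy }
    $source    = if ($winner) { "$($winner.Scope)" } else { 'Default' }

    # Points an administrator reviewing the host would want surfaced.
    $findings = @()
    if ($effective -in 'Bypass', 'Unrestricted') {
        $findings += "Effective policy '$effective' lets unsigned scripts run."
    }
    if ($source -eq 'Process') {
        $findings += 'Policy comes from the Process scope: session-only, not stored in the registry.'
    }
    if ($source -notin 'MachinePolicy', 'UserPolicy') {
        $findings += 'No Group Policy scope is set, so lower-precedence scopes decide the policy.'
    }
    [pscustomobject]@{ Effective = $effective; Source = $source; Findings = $findings }
}

# Constructed sample input (not captured from a real host).
$sample = @(
    [pscustomobject]@{ Scope = 'MachinePolicy'; ExecutionPolicy = 'Undefined' }
    [pscustomobject]@{ Scope = 'UserPolicy';    ExecutionPolicy = 'Undefined' }
    [pscustomobject]@{ Scope = 'Process';       ExecutionPolicy = 'Bypass' }
    [pscustomobject]@{ Scope = 'CurrentUser';   ExecutionPolicy = 'Undefined' }
    [pscustomobject]@{ Scope = 'LocalMachine';  ExecutionPolicy = 'RemoteSigned' }
)
Resolve-EffectivePolicy -PolicyList $sample | Format-List

# On a live host, pass the real list instead:
# Resolve-EffectivePolicy -PolicyList (Get-ExecutionPolicy -List)
```

With the sample data the Process scope wins over LocalMachine, so the result reports Bypass as the effective policy even though RemoteSigned is stored for the computer.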
Change the Execution Policy
- We can use the Set-ExecutionPolicy cmdlet to change the execution policy of PowerShell on Windows computers. The change takes effect immediately; you do not need to restart the PowerShell window.
- If you change the execution policy for the CurrentUser or LocalMachine scope, the change is saved in the registry and remains effective until you change it again.
- If you change the execution policy for the Process scope, the change is not saved in the registry.
- The following block shows the syntax used to change the execution policy:
Set-ExecutionPolicy -ExecutionPolicy <PolicyName>
Remove the ExecutionPolicy
We can remove the execution policy for a particular scope by setting the execution policy to Undefined.
Example: This example removes the execution policy for all the users of the local computer.
Set-ExecutionPolicy -ExecutionPolicy Undefined -Scope LocalMachine