By default, Windows PowerShell scripts are not allowed to run on the system. For security reasons, all PowerShell scripts must be digitally signed, a method called runtime policy.
If a script does not meet this condition, PowerShell scripts are not allowed to run on the system. This is primarily due to the fact that the script may contain malicious code that can harm the operating system.
PowerShell has several execution modes that determine what type of code is allowed to execute. There are 5 different execution modes:
- Restricted – default value. Any scripts are blocked and interactive commands are allowed.
- All Signed – scripts that have a digital signature are allowed.
- Remote Signed – local scripts are allowed to run without a signature. All downloaded scripts must be digitally signed.
- Unrestricted – any scripts are allowed to run. When running an unsigned script that was downloaded from the Internet, the program may require confirmation.
- Bypass – nothing is blocked, no warnings or requests appear.
The default mode for PowerShell is “Restricted“. In this mode, PowerShell runs as an interactive shell. If you have not configured PowerShell before, you will see an error message written in red font like in the screenshot below instead of the script running.
The safest way to solve this problem is to change the runtime policy to unrestricted, run the script, and then revert back to the restricted policy.
To change the execution policy to Unlimited, let’s use the PowerShell console opened with Administrator privileges and run the following command:
After running the command, you will be prompted to confirm the runtime policy change. Answer Y (Yes).
You can now run the script. However, you are putting the system at serious risk, so when the script finishes running, be sure to revert the execution policy back to restricted mode. You can do this with the following command:
After running the command, you will be prompted to confirm the runtime policy change. Answer Y (Yes)
The following are all commands to change the execution policy.
Block the execution of any scripts. Default value.
Execution of digitally signed scripts is allowed.
Scripts prepared on a local computer can be run without restrictions, scripts downloaded from the Internet – only if digitally signed.
Execution of any scripts is allowed. If you run an unsigned script that was downloaded from the Internet, the program may ask for confirmation.
Nothing is blocked, no warnings or requests appear.
To execute the above commands without confirming the change, use the -Force parameter, e.g. run the command:
Set-ExecutionPolicy Bypass -Force
Now you don’t have to confirm changes when executing commands.