How to enable scripts and scripting in PowerShell

One of the neat things about running anad campaign is that Google lets you know what keywords people are using in searches - which basically helps me figure out what, in part, to write about. "powershell enable scripts" comes up a LOT - which isn't surprising, I guess, since PowerShell disables script execution by default.

So, the quick and dirty answer, in the event that you've run across this post looking for such an answer: Run Set-ExecutionPolicy RemoteSigned in the shell. You'll need to be a local admin, and be running the shell as admin (make sure it says "Administrator" in the window's title bar) for this to work. Pay attention to the output, too: If the local settings are being overridden by a Group Policy object, then you'll get a warning about that, letting you know that the command worked but won't do any good.

Now, you should probably read a few of the gory details. There are actually five execution policy levels you can set (run Help Set-ExecutionPolicy for a brief list, or help about_signing for a complete explanation). They are, in order of most-secure to least-secure:
  • Restricted: The default. Scripts don't run, although you can use the shell interactively to run commands.
  • AllSigned: Scripts will run if they've been digitally signed using a certificate issued by a trusted Certification Authority. You'll need a Class 3, or code-signing, certificate - that's not the same as the Class 1 you'd use to sign an e-mail. 
  • RemoteSigned: Local scripts will run, but anything "remote" - coming from an Internet path, downloaded from IE or Outlook, or potentially sitting on a UNC path, must be signed. Microsoft suggests this policy as a good balance between security and convenience. 
  • Unrestricted: All scripts will run without a signature. This isn't recommended - it provides a little too much room for a malicious script to be run unintentionally.
  • Bypass: This is meant for software products that are hosting PowerShell and providing their own layer of security. You're not meant to set the shell-wide policy to this on your own.
So there you have it: A brief overview of the possible settings, and a fast path for getting scripts running in your copy of the shell. Running help about_signing will reveal all the other little details, like how to sign a script, how to make a self-signed certificate for use on your local machine, and so on. 

Please or Register to post comments.

What's PowerShell with a Purpose Blog?

Don Jones demystifies Windows PowerShell.

Blog Archive

Sponsored Introduction Continue on to (or wait seconds) ×