
Set-ExecutionPolicy



This is the built-in help made by Microsoft for the command 'Set-ExecutionPolicy', in PowerShell version 5 - as retrieved from Windows version 'Microsoft Windows Server 2012 R2 Standard' PowerShell help files on 2016-06-23.

For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.

SYNOPSIS

Changes the user preference for the Windows PowerShell execution policy.

SYNTAX


Set-ExecutionPolicy [-ExecutionPolicy] <ExecutionPolicy> [[-Scope] <ExecutionPolicyScope>] [-Force] [-Confirm] [-WhatIf] [<CommonParameters>]




DESCRIPTION


The Set-ExecutionPolicy cmdlet changes the user preference for the Windows PowerShell execution policy.


The execution policy is part of the security strategy of Windows PowerShell. It determines whether you can load configuration files (including your Windows PowerShell
profile) and run scripts, and it determines which scripts, if any, must be digitally signed before they will run. For more information, see about_Execution_Policies
(http://go.microsoft.com/fwlink/?LinkID=135170).


NOTE: To change the execution policy for the default (LocalMachine) scope, start Windows PowerShell with the "Run as administrator" option.




RELATED LINKS

Online Version: http://go.microsoft.com/fwlink/p/?linkid=293941
Get-AuthenticodeSignature
Get-ExecutionPolicy
Set-AuthenticodeSignature
about_Execution_Policies
about_Signing

REMARKS


Examples


-------------------------- EXAMPLE 1 --------------------------

PS C:\>Set-ExecutionPolicy RemoteSigned



This command sets the user preference for the shell execution policy to RemoteSigned.








-------------------------- EXAMPLE 2 --------------------------

PS C:\>Set-ExecutionPolicy Restricted
Set-ExecutionPolicy : Windows PowerShell updated your local preference successfully, but the setting is overridden by the group policy applied to your system. Due to the
override, your shell will retain its current effective execution policy of "AllSigned". Contact your group policy administrator for more information.
At line:1 char:20
+ Set-ExecutionPolicy <<<< restricted



This command attempts to set the execution policy for the shell to "Restricted." The "Restricted" setting is written to the registry, but because it conflicts with a Group
Policy, it is not effective, even though it is more restrictive than the policy.








-------------------------- EXAMPLE 3 --------------------------

PS C:\>Invoke-Command -ComputerName Server01 -ScriptBlock {Get-ExecutionPolicy} | Set-ExecutionPolicy -Force



This command gets the execution policy from a remote computer and applies that execution policy to the local computer.

The command uses the Invoke-Command cmdlet to send the command to the remote computer. Because you can pipe an ExecutionPolicy (Microsoft.PowerShell.ExecutionPolicy) object
to Set-ExecutionPolicy, the Set-ExecutionPolicy command does not need an ExecutionPolicy parameter.

The command uses the Force parameter to suppress the user prompt.








-------------------------- EXAMPLE 4 --------------------------

The first command uses the Set-ExecutionPolicy cmdlet to set an execution policy of AllSigned for the current user. It uses the Force parameter to suppress the user prompts.
PS C:\>Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy AllSigned -Force

The second command uses the List parameter of the Get-ExecutionPolicy cmdlet to get the execution policies set in each scope. The results show that the execution policy that
is set for the current user differs from the execution policy set for all users of the computer.
PS C:\>Get-ExecutionPolicy -List

Scope          ExecutionPolicy
-----          ---------------
MachinePolicy  Undefined
UserPolicy     Undefined
Process        Undefined
CurrentUser    AllSigned
LocalMachine   RemoteSigned


PS C:\>Get-ExecutionPolicy
AllSigned



This example shows how to set an execution policy for a particular scope.




-------------------------- EXAMPLE 5 --------------------------

PS C:\>Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Undefined



This command uses an execution policy value of Undefined to effectively remove the execution policy that is set for the current user scope. As a result, the execution policy
that is set in Group Policy or in the LocalMachine (all users) scope is effective.

If you set the execution policy in all scopes to Undefined and the Group Policy is not set, the default execution policy, Restricted, is effective for all users of the
computer.








-------------------------- EXAMPLE 6 --------------------------

PS C:\>Set-ExecutionPolicy -Scope Process -ExecutionPolicy AllSigned



This command sets an execution policy of AllSigned for only the current Windows PowerShell session. This execution policy is saved in the PSExecutionPolicyPreference
environment variable ($env:PSExecutionPolicyPreference), so it does not affect the value in the registry. The variable and its value are deleted when the current session is
closed.
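
Examples 2, 4, 5 and 6 all depend on which scope wins when several are set. The following is an added example, not part of the Microsoft help text: it resolves the effective policy from a per-scope list and reports settings that are stored but overridden. The function name Resolve-EffectivePolicy and the sample data are assumptions made for illustration.

```powershell
# Scopes in precedence order, highest first (the order Get-ExecutionPolicy -List prints).
$ScopeOrder = 'MachinePolicy', 'UserPolicy', 'Process', 'CurrentUser', 'LocalMachine'

function Resolve-EffectivePolicy {
    # Hypothetical helper name; not a built-in cmdlet.
    # ScopeList: objects with Scope and ExecutionPolicy properties.
    param([Parameter(Mandatory)][object[]]$ScopeList)

    # Index by scope name; casting to string accepts enum values and plain strings.
    $byScope = @{}
    foreach ($entry in $ScopeList) {
        $byScope["$($entry.Scope)"] = "$($entry.ExecutionPolicy)"
    }

    # Scopes that carry a real setting, still in precedence order.
    $defined = @($ScopeOrder | Where-Object { $byScope[$_] -and $byScope[$_] -ne 'Undefined' })

    if ($defined.Count -gt 0) {
        $winner    = $defined[0]
        $effective = $byScope[$winner]
    } else {
        # Every scope Undefined: the default named in Example 5 applies.
        $winner    = '(default)'
        $effective = 'Restricted'
    }

    [pscustomobject]@{
        Effective     = $effective
        SetByScope    = $winner
        # Settings that are stored but have no effect, as in Example 2.
        Shadowed      = ($defined | Select-Object -Skip 1) -join ', '
        ByGroupPolicy = $winner -in 'MachinePolicy', 'UserPolicy'
        Permissive    = $effective -in 'Unrestricted', 'Bypass'
    }
}

# Constructed sample modelled on Example 2: Group Policy (assumed here to be the
# MachinePolicy scope) enforces AllSigned while LocalMachine was set to Restricted.
$sample = @(
    [pscustomobject]@{ Scope = 'MachinePolicy'; ExecutionPolicy = 'AllSigned' }
    [pscustomobject]@{ Scope = 'UserPolicy';    ExecutionPolicy = 'Undefined' }
    [pscustomobject]@{ Scope = 'Process';       ExecutionPolicy = 'Undefined' }
    [pscustomobject]@{ Scope = 'CurrentUser';   ExecutionPolicy = 'Undefined' }
    [pscustomobject]@{ Scope = 'LocalMachine';  ExecutionPolicy = 'Restricted' }
)
Resolve-EffectivePolicy -ScopeList $sample

# On a live system, pass the real per-scope list instead.
Resolve-EffectivePolicy -ScopeList (Get-ExecutionPolicy -List)
```

A Permissive result set from the Process scope is worth noting in an audit, because that scope lives only in the session's environment variable and leaves no registry value behind.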








-------------------------- EXAMPLE 7 --------------------------

The first command uses the Set-ExecutionPolicy cmdlet to change the execution policy to RemoteSigned.
PS C:\>Set-ExecutionPolicy RemoteSigned

The second command uses the Get-ExecutionPolicy cmdlet to get the effective execution policy in the session. The output shows that it is RemoteSigned.
PS C:\>Get-ExecutionPolicy
RemoteSigned

The third command shows what happens when you run a blocked script in a Windows PowerShell session in which the execution policy is RemoteSigned. The RemoteSigned policy
prevents you from running scripts that are downloaded from the Internet unless they are digitally signed.
PS C:\>.\Start-ActivityTracker.ps1

.\Start-ActivityTracker.ps1 : File .\Start-ActivityTracker.ps1 cannot be loaded. The file .\Start-ActivityTracker.ps1 is not digitally signed. The script will not execute on
the system. For more information, see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170.
At line:1 char:1
+ .\Start-ActivityTracker.ps1
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], PSSecurityException
+ FullyQualifiedErrorId : UnauthorizedAccess


The fourth command uses the Unblock-File cmdlet to unblock the script so it can run in the session. Before running an Unblock-File command, read the script contents and
verify that it is safe.
PS C:\>Unblock-File -Path Start-ActivityTracker.ps1

The fifth and sixth commands show the effect of the Unblock-File command. The Unblock-File command does not change the execution policy. However, it unblocks the script so
it will run in Windows PowerShell.
PS C:\>Get-ExecutionPolicy
RemoteSigned
PS C:\>.\Start-ActivityTracker.ps1
Task 1:



This example shows the effect of the RemoteSigned execution policy, which prevents you from running unsigned scripts that were downloaded from the Internet. It also shows
how to use the Unblock-File cmdlet to unblock scripts, so that you can run them without changing the execution policy.
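
Example 7 advises verifying a script before unblocking it. The following is an added example, not part of the Microsoft help text: it collects the facts a reviewer would want first, namely the download zone mark that Unblock-File removes, the Authenticode status, and a hash to compare against the publisher's value. The function name Get-ScriptTrustInfo and the sample file are assumptions; the stream parameters require Windows and an NTFS volume.

```powershell
function Get-ScriptTrustInfo {
    # Hypothetical helper name; not a built-in cmdlet.
    param([Parameter(Mandatory)][string]$Path)

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop

    # Zone.Identifier is the NTFS alternate data stream that marks a downloaded
    # file. Unblock-File deletes it, so read it before unblocking.
    $zoneId = $null
    $zoneLine = Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue |
        Select-String -Pattern '^ZoneId=(\d+)' | Select-Object -First 1
    if ($zoneLine) { $zoneId = [int]$zoneLine.Matches[0].Groups[1].Value }

    $sig = Get-AuthenticodeSignature -FilePath $file.FullName

    # ZoneId 3 is the Internet zone and 4 is Restricted sites.
    $markedRemote = $zoneId -in 3, 4

    [pscustomobject]@{
        Path          = $file.FullName
        ZoneId        = $zoneId
        MarkedRemote  = $markedRemote
        SignatureStat = "$($sig.Status)"
        Signer        = $sig.SignerCertificate.Subject
        SHA256        = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        # Simplified rule: a remote-marked file without a valid signature is the
        # case RemoteSigned blocks, so it needs a manual read before Unblock-File.
        ReviewFirst   = $markedRemote -and ($sig.Status -ne 'Valid')
    }
}

# Constructed sample: a throwaway script carrying an Internet zone mark.
$sample = Join-Path $env:TEMP 'Start-ActivityTracker.sample.ps1'
Set-Content -LiteralPath $sample -Value "'Task 1:'"
Set-Content -LiteralPath $sample -Stream Zone.Identifier -Value '[ZoneTransfer]', 'ZoneId=3'

Get-ScriptTrustInfo -Path $sample

Remove-Item -LiteralPath $sample
```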