When you start Windows PowerShell on a computer, the default security policy does not allow you to run scripts. The Windows PowerShell security policy for scripting is called an execution policy. The execution policy lets you determine whether scripts can run in your environment and whether they must include a digital signature. None of the execution policies in Windows PowerShell allow you to run a script by double-clicking its icon because that is a high-risk method of running a script.
The following execution policies govern scripting in Windows PowerShell:
Because the default Windows PowerShell execution policy is Restricted, you cannot run Windows PowerShell scripts until you change to a less restrictive execution policy. The following table lists Windows PowerShell Help topics that explain what you need to know about Windows PowerShell execution policies and how to change your policy so that you can run scripts.
Get-Help about_Signing
Displays information about Windows PowerShell execution policies and the levels of security that the execution policies provide.
Get-Help Get-ExecutionPolicy
Displays information that explains how to determine your current scripting security policy.
Get-Help Set-ExecutionPolicy
Displays information that explains how to change your scripting security policy.
Three extensions are available for script files in Windows PowerShell, although most script files have the .ps1 extension.
Windows PowerShell script
.ps1
A standard Windows PowerShell script.
Windows PowerShell console file
.psc1
A special type of script file that defines the configuration of a specific Windows PowerShell console. For example:
For more information about Windows PowerShell console files, type Get-Help Export-Console at the command prompt.
Windows PowerShell format and type definitions
.ps1xml
A type of script file that provides a mechanism for extending the Microsoft .NET Framework type system. These script files are in the Windows PowerShell home directory (<C>:\WINDOWS\SysWOW64\Windowspowershell\v1.0), For more information, type Get-Help about_Types at the command prompt.
When you run a Windows PowerShell script, you must always indicate the full path with the name of the script even if you are working in the directory in which the script is located. If the script needs (or powershell command window) needs elevated permissions to do a task you will get an error if you have not run the PowerShell window using elevated permissions. See How to Run Any Program Including PowerShell with Elevated Privileges (aka Administrator Permissions). You can use the following methods to run a Windows PowerShell script:
In order to run a script, you have to allow that script to run. I will do this by setting my execution policy to RemoteSigned.
RemoteSigned - Scripts can run. - Requires a digital signature from a trusted publisher on scripts and configuration files that are downloaded from the Internet (including e-mail and instant messaging programs). - Does not require digital signatures on scripts that you have run and that you have written on the local computer (not downloaded from the Internet). - Risks running unsigned scripts from sources other than the Internet and signed, but malicious, scripts. See http://technet.microsoft.com/en-us/library/dd347641.aspx for more detail.
first I want to get the current execution policy
get-executionpolicy -list
Scope ExecutionPolicy ------------- --------------- MachinePolicy Undefined UserPolicy Undefined Process Undefined CurrentUser Undefined LocalMachine Undefined
There are no policies defined which means it is using the default which is Restricted.
Restricted - Default execution policy. - Permits individual commands, but will not run scripts. - Prevents running of all script files, including formatting and configuration files (.ps1xml), module script files (.psm1), and Windows PowerShell profiles (.ps1).
You can change the policy by issuing the PowerShell command. But that does not work. It does not work because you likely do not have the rights to change this setting. However, when you run the command you do get a pretty detailed error message.
Set-ExecutionPolicy RemoteSigned
NOTE: if you try to set the ExecutionPolicy from a PowerShell window (even if it has elevated privileges) you will get a message similar to:
Set-ExecutionPolicy : Access to the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft .PowerShell' is denied. At line:1 char:20 + Set-ExecutionPolicy <<<< RemoteSigned + CategoryInfo : NotSpecified: (:) [Set-ExecutionPolicy], UnauthorizedAccessException + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.SetExecutionPolicyComma nd
The only way I see to get around this is to manually go into the registry to set the settings.
Start – regedit – <ENTER>… drill down to the proper location…
Expand:
If there is an ExecutionPolicy value in the right pane, just change it to RemoteSigned (Double-Click). If there is not, you will have to create a String Value.
Once you do this, you can run the get-executionpolicy –list command again with the following results
Scope ExecutionPolicy ---------------- --------------- MachinePolicy Undefined UserPolicy Undefined Process Undefined CurrentUser Undefined LocalMachine RemoteSigned
Related Articles:
How to Run Any Program Including PowerShell with Elevated Privileges (aka Administrator Permissions)
Other References: Running Scripts
