PowerShell says "execution of scripts is disabled on this system."

Question

I am trying to run a cmd file that calls a PowerShell script from cmd.exe, but I am getting this error:

Management_Install.ps1 cannot be loaded because the execution of scripts is disabled on this system.

I ran this command:

Set-ExecutionPolicy -ExecutionPolicy Unrestricted

When I run Get-ExecutionPolicy from PowerShell, it returns Unrestricted.

Get-ExecutionPolicy

Output:

Unrestricted

---

cd "C:\Projects\Microsoft.Practices.ESB\Source\Samples\Management Portal\Install\Scripts" powershell .\Management_Install.ps1 1

WARNING: Running x86 PowerShell...

File C:\Projects\Microsoft.Practices.ESB\Source\Samples\Management Portal\Install\Scripts\Management_Install.ps1 cannot be loaded because the execution of scripts is disabled on this system. Please see "get-help about_signing" for more details.

At line:1 char:25

• .\Management_Install.ps1 <<<< 1

  • CategoryInfo : NotSpecified: (:) [], PSSecurityException

  • FullyQualifiedErrorId : RuntimeException

C:\Projects\Microsoft.Practices.ESB\Source\Samples\Management Portal\Install\Scripts> PAUSE

Press any key to continue . . .

---

The system is Windows Server 2008 R2.

What am I doing wrong?

Answer 1

To solve this Windows security-related problem

1- Open PowerShell as Administrator

2- Type Get-ExecutionPolicy - to check the current Execution Policy if it is Restricted then

3- Type Set-ExecutionPolicy RemoteSigned or Set-ExecutionPolicy RemoteSigned -Scope CurrentUser - to change the policy

4- Type y to confirm the changes.

Answer 2

There's great information in the existing answers, but let me attempt a systematic overview:

Context

PowerShell's effective execution policy applies:

• to PowerShell code stored in files, which means:

  • regular script files (*.ps1)
  • script module files (*.psm1) (modules implemented in PowerShell)
  • modules that are bundled with formatting and type-extension files (*.Format.ps1xml and *.Types.ps1xml) - even if those files happen not to contain embedded PowerShell script blocks.
  • It does not apply to:
    • calls to (binary) cmdlets (e.g., Get-ChildItem), except for third-party binary cmdlets that come with modules that encompass formatting and type-extension files, as discussed above.
    • commands submitted interactively or passed to the PowerShell CLI via the
      -Command parameter (unless these commands directly or indirectly call script files as defined above).

• on Windows only (that is, on Unix-like platforms (Linux, macOS) execution policies do not apply and no restrictions are placed on executing PowerShell code)

In workstation editions of Windows, script-file execution is disabled by default (policy Restricted), requiring either a persistent modification of the policy to enable it, or a current-process-only modification such as via the -ExecutionPolicy parameter when calling the PowerShell CLI, powershell.exe (Windows PowerShell edition) / pwsh.exe (PowerShell (Core) 7 edition).
In recent server editions of Windows, the default policy is RemoteSigned, meaning that while locally stored scripts (including on file shares) may be executed, downloaded-from-the-web scripts only execute if they're signed.

Execution policies are maintained separately:

• for the two PowerShell editions:

  • the legacy, Windows-only, ships-with-Windows Windows PowerShell edition (whose latest and last version is v5.1.x)
  • the modern, cross-platform, install-on-demand PowerShell (Core) 7 edition.

• for the 32-bit and 64-bit versions of Windows PowerShell (both of which are preinstalled)

  • Note: If you were to install 32-bit and 64-bit versions of PowerShell (Core) side by side (which would be unusual), only the LocalMachine scope would be bitness-specific.

For a given edition / bitness combination of PowerShell, the execution policies can be set in multiple scopes, but there's only ever one effective policy, based on precedence rules - see below.

---

Details

• In PowerShell on Windows, script-file execution is disabled by default in workstation editions of Windows (on Unix, execution policies do not apply); that is, the default execution policy in workstation editions of Windows is Restricted, whereas in server editions, it is RemoteSigned; see the conceptual about_Execution_Policies help topic for a description of all available policies.

• To set a (local) policy that permits script execution, use Set-ExecutionPolicy with a policy of AllSigned, RemoteSigned, Unrestricted, or Bypass, in descending order of security. There are three scopes that Set-ExecutionPolicy can target, using the -Scope parameter (see below); changing the LocalMachine scope's policy requires elevation (running as admin).

  • A frequently used policy that provides a balance between security and convenience is RemoteSigned, which allows local scripts - including from network shares - to execute without containing a signature, while requiring scripts downloaded from the internet to be signed (assuming that the downloading mechanism marks such as scripts as internet-originated, which web browsers do by default). For instance, to set the current user's execution policy to RemoteSigned, run the following (-Force bypasses the confirmation prompt that is shown by default):

    Set-ExecutionPolicy -Scope CurrentUser RemoteSigned -Force
    

  • To unset a previously set policy in a given scope, use the Undefined policy.

• The PowerShell CLI (powershell.exe for Windows PowerShell, pwsh.exe for PowerShell (Core) 7) accepts a process-specific -ExecutionPolicy <policy> argument too, which is often used for ad-hoc policy overrides (only for the process being created, the equivalent of Set-ExecutionPolicy -Scope Process ...); e.g.:

  pwsh.exe -ExecutionPolicy RemoteSigned -File someScript.ps1
  

• Important:

  • Execution policies can also be set via Group Policy Objects (GPOs), in which case they can not be changed or overridden with Set-ExecutionPolicy or via the CLI's -ExecutionPolicy parameter: see about_Group_Policy_Settings

  • Execution policies can be set in various scopes, and which one is in effect is determined by their precedence (run Get-ExecutionPolicy -List to see all scopes and their respective policies), in descending order:

    • MachinePolicy (via GPO; cannot be overridden locally)^[1]
    • UserPolicy (via GPO; cannot be overridden locally)^[1]
    • Process (current process only; typically set ad-hoc via the CLI)
    • CurrentUser (as set by Set-ExecutionPolicy)
    • LocalMachine (as set by Set-ExecutionPolicy, with admin rights)

---

^{[1] This applies to domain-wide GPOs. Local GPOs can be modified locally, namely via gpedit.msc or directly via the registry, which in the case of the machine policy requires administrative privileges.}

Answer 3

In most cases there is a simple workaround. Just highlight all the the PS-code in PowerShell_ISE and then press the second green arrow on top which executes the highlighted code lines.

That simple trick can avoid changing the execution policy which may require elevated rights to do that.

Answer 4

In Windows 7:

Go to Start Menu and search for "Windows PowerShell ISE".

Right click the x86 version and choose "Run as administrator".

In the top part, paste Set-ExecutionPolicy RemoteSigned; run the script. Choose "Yes".

Repeat these steps for the 64-bit version of Powershell ISE too (the non x86 version).

Answer 5

If you're here because of running it with Ruby or Chef and using `` system execution, execute as follows:

`powershell.exe -ExecutionPolicy Unrestricted -command [Environment]::GetFolderPath(\'mydocuments\')`

That command is for getting "MyDocuments" Folder.

-ExecutionPolicy Unrestricted does the trick.

Answer 6

A best practice is to read the script's code and verify it's safe before using the Unblock-File cmdlet. The Unblock-File cmdlet unblocks scripts so they can run, but doesn't change the execution policy. PS> Unblock-File -Path .\Start-ActivityTracker.ps1

See https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.security/get-executionpolicy?view=powershell-7.4

Answer 7

Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted

This worked for me

Answer 8

In VS code just run this command:

Set-ExecutionPolicy -Scope CurrentUser Unrestricted

Answer 9

In powershell

To check the current execution policy, use the following command:

Get-ExecutionPolicy

To change the execution policy to Unrestricted, which allows running any script without digital signatures, use the following command:

Set-ExecutionPolicy Unrestricted

This solution worked for me, but be careful of the security risks involved.

Answer 10

in my case it happened because i use PowerShell and I should use the cmd prompt

Answer 11

First, you need to open the PowerShell window and run this command.

set-ExecutionPolicy RemoteSigned -Scope CurrentUser

Then it will ask you to confirm. Type Y and press Enter.

When you run this command, you can see that your system has set all policies for the current user as remotely. It will take a few seconds to complete this process.

The image will be shown like below:

To check if the execution policy has set. Type:

Get-ExecutionPolicy

If it was set, the output would be like this:

Answer 12

It happened to me as well. For me, the solution was simple. I didn't realize that the path in the command prompt to run Nodemon was different to where I installed the package.

So it gave me the same error that you've mentioned.

Changing my path resolved it.

Answer 13

If you have Git installed, just use Git Bash.

Answer 14

I have also faced a similar issue. Try this.

As I'm using Windows, I followed the steps as given below. Open a command prompt as an administrator and then go to this path:

C:\Users\%username%\AppData\Roaming\npm\

Look for the file ng.ps1 in this folder (directory) and then delete it (del ng.ps1).

You can also clear npm cache after this though it should work without this step as well.

Answer 15

Most of the existing answers explain the How, but very few explain the Why. And before you go around executing code from strangers on the Internet, especially code that disables security measures, you should understand exactly what you're doing. So here's a little more detail on this problem.

From the TechNet About Execution Policies Page:

Windows PowerShell execution policies let you determine the conditions under which Windows PowerShell loads configuration files and runs scripts.

The benefits of which, as enumerated by PowerShell Basics - Execution Policy and Code Signing, are:

• Control of Execution - Control the level of trust for executing scripts.
• Command Highjack - Prevent injection of commands in my path.
• Identity - Is the script created and signed by a developer I trust and/or a signed with a certificate from a Certificate Authority I trust.
• Integrity - Scripts cannot be modified by malware or malicious user.

To check your current execution policy, you can run Get-ExecutionPolicy. But you're probably here because you want to change it.

To do so you'll run the Set-ExecutionPolicy cmdlet.

You'll have two major decisions to make when updating the execution policy.

Execution Policy Type:

• Restricted^† - No Script either local, remote or downloaded can be executed on the system.
• AllSigned - All script that are ran require to be digitally signed.
• RemoteSigned - All remote scripts (UNC) or downloaded need to be signed.
• Unrestricted - No signature for any type of script is required.

Scope of new Change

• LocalMachine^† - The execution policy affects all users of the computer.
• CurrentUser - The execution policy affects only the current user.
• Process - The execution policy affects only the current Windows PowerShell process.

^{† = Default}

For example: if you wanted to change the policy to RemoteSigned for just the CurrentUser, you'd run the following command:

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser

Note: In order to change the Execution policy, you must be running PowerShell As Administrator. If you are in regular mode and try to change the execution policy, you'll get the following error:

Access to the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell' is denied. To change the execution policy for the default (LocalMachine) scope, start Windows PowerShell with the "Run as administrator" option.

If you want to tighten up the internal restrictions on your own scripts that have not been downloaded from the Internet (or at least don't contain the UNC metadata), you can force the policy to only run signed scripts. To sign your own scripts, you can follow the instructions on Scott Hanselman's article on Signing PowerShell Scripts.

Note: Most people are likely to get this error whenever they open PowerShell because the first thing PowerShell tries to do when it launches is execute your user profile script that sets up your environment however you like it.

The file is typically located in:

%UserProfile%\My Documents\WindowsPowerShell\Microsoft.PowerShellISE_profile.ps1

You can find the exact location by running the PowerShell variable

$profile

If there's nothing that you care about in the profile, and don't want to fuss with your security settings, you can just delete it and PowerShell won't find anything that it cannot execute.

Answer 16

Open a Windows PowerShell command window and run the below query to change ExecutionPolicy:

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser

If it asks for confirming changes, press Y and hit Enter.

Answer 17

You can use a special way to bypass it:

Get-Content "PS1scriptfullpath.ps1" | Powershell -NoProfile -

It pipes the content of PowerShell script to powershell.exe and executes it bypassing the execution policy.

Answer 18

Win + R and type copy paste command and press OK:

powershell Set-ExecutionPolicy -Scope "CurrentUser" -ExecutionPolicy "RemoteSigned"

And execute your script.

Then revert changes like:

powershell Set-ExecutionPolicy -Scope "CurrentUser" -ExecutionPolicy "AllSigned"

Answer 19

You can also bypass this by using the following command:

powershell Get-Content .\test.ps1 | Invoke-Expression

You can also read this article by Scott Sutherland that explains 15 different ways to bypass the PowerShell Set-ExecutionPolicy if you don't have administrator privileges:

15 Ways to Bypass the PowerShell Execution Policy

Answer 20

We can get the status of current ExecutionPolicy by the command below:

Get-ExecutionPolicy

By default it is Restricted. To allow the execution of PowerShell scripts we need to set this ExecutionPolicy either as Unrestricted or Bypass.

We can set the policy for Current User as Bypass by using any of the below PowerShell commands:

Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted -Force

Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Bypass -Force

Unrestricted policy loads all configuration files and runs all scripts. If you run an unsigned script that was downloaded from the Internet, you are prompted for permission before it runs.

Whereas in Bypass policy, nothing is blocked and there are no warnings or prompts during script execution. Bypass ExecutionPolicy is more relaxed than Unrestricted.

Answer 21

I found this line worked best for one of my Windows Server 2008 R2 servers. A couple of others had no issues without this line in my PowerShell scripts:

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force -Scope Process

Answer 22

In the PowerShell ISE editor I found running the following line first allowed scripts.

Set-ExecutionPolicy RemoteSigned -Scope Process

Answer 23

Also running this command before the script also solves the issue:

Set-ExecutionPolicy Unrestricted

Answer 24

RemoteSigned: all scripts you created yourself will be run, and all scripts downloaded from the Internet will need to be signed by a trusted publisher.

OK, change the policy by simply typing:

Set-ExecutionPolicy RemoteSigned

Answer 25

In Windows 10, enable the option under the name: 'Install apps from any source, including loose files.'

It fixed the issue for me.

Answer 26

For Windows 11...

It is indeed very easy. Just open the settings application. Navigate to Privacy and Security:

Click on For Developers and scroll to the bottom and find the PowerShell option under which check the checkbox stating "Change the execution policy ... remote scripts".

Answer 27

You should run this command:

Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted

Answer 28

If you are in an environment where you are not an administrator, you can set the Execution Policy just for you (CurrentUser), and it will not require administrator.

You can set it to RemoteSigned:

Set-ExecutionPolicy -Scope "CurrentUser" -ExecutionPolicy "RemoteSigned"

or Unrestricted:

Set-ExecutionPolicy -Scope "CurrentUser" -ExecutionPolicy "Unrestricted"

You can read all about Getting and Setting Execution policy in the help entries:

Help Get-ExecutionPolicy -Full
Help Set-ExecutionPolicy -Full

Answer 29

Open the command prompt in Windows. If the problem is only with PowerShell, use the following command:

powershell Set-ExecutionPolicy -Scope "CurrentUser" -ExecutionPolicy "RemoteSigned"

Answer 30

In Window 10:

If you are not administrator, you can use this:

powershell Set-ExecutionPolicy -Scope CurrentUser

cmdlet Set-ExecutionPolicy at command pipeline position 1
Supply values for the following parameters:
ExecutionPolicy: `RemoteSigned`

It solved my problem like a charm!