This is a part of an on-going blog series written by Adam Gordon. Each week, Adam will walk you through a PowerShell command, showing you when and how to use each one. This week, Adam covers Set-ExecutionPolicy.
When to use Set-ExecutionPolicy
Anytime you need to set the PowerShell execution policies for Windows computers.
An execution policy is part of the PowerShell security strategy. Execution policies determine whether you can load configuration files, such as your PowerShell profile, or run scripts. And, whether scripts must be digitally signed before they are run.
The Set-ExecutionPolicy cmdlet’s default scope is LocalMachine, which affects everyone who uses the computer. To change the execution policy for LocalMachine, start PowerShell with Run as Administrator.
How to use Set-ExecutionPolicy
Set an execution policy:
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope LocalMachine
Get-ExecutionPolicy -List
The Set-ExecutionPolicy cmdlet uses the ExecutionPolicy parameter to specify the RemoteSigned policy. The Scope parameter specifies the scope value, LocalMachine. To view the execution policy settings, use the Get-ExecutionPolicy cmdlet with the List parameter.
Apply the execution policy from a remote computer to a local computer:
Invoke-Command -ComputerName Server01 -ScriptBlock { Get-ExecutionPolicy } | Set-ExecutionPolicy
The Invoke-Command cmdlet is executed at the local computer and sends the ScriptBlock to the remote computer.
The ComputerName parameter specifies the remote computer, Server01.
The ScriptBlock parameter runs Get-ExecutionPolicy on the remote computer.
The Get-ExecutionPolicy object is sent down the pipeline to the Set-ExecutionPolicy.
Set-ExecutionPolicy applies the execution policy to the local computer’s default scope, LocalMachine.
Remove the execution policy for the current user:
Set-ExecutionPolicy -ExecutionPolicy Undefined -Scope CurrentUser
Get-ExecutionPolicy -List
The Set-ExecutionPolicy cmdlet uses the ExecutionPolicy parameter to specify the Undefined policy. The Scope parameter specifies the scope value, CurrentUser. To view the execution policy settings, use the Get-ExecutionPolicy cmdlet with the List parameter.
Set the execution policy for the current PowerShell session:
Set-ExecutionPolicy -ExecutionPolicy AllSigned -Scope Process
Get-ExecutionPolicy -List
The Process scope only affects the current PowerShell session. The execution policy is saved in the environment variable $env:PSExecutionPolicyPreference and is deleted when the session is closed.
The Set-ExecutionPolicy cmdlet uses the ExecutionPolicy parameter to specify the AllSigned policy. The Scope parameter specifies the value, Process. To view the execution policy settings, use the Get-ExecutionPolicy cmdlet with the List parameter.
Need PowerShell training? Check out ITProTV’s PowerShell online IT training courses.