powershellscripts.com

PowerShell Cmdlet Help for Set-ExecutionPolicy



NAME
Set-ExecutionPolicy

SYNOPSIS
Changes the user preference for the Windows PowerShell execution policy.

SYNTAX
Set-ExecutionPolicy [-ExecutionPolicy] {Unrestricted | RemoteSigned | AllSigned | Restricted | Default | Bypass | Undefined} [[-Scope] {Process | CurrentUser | LocalMachine | UserPolicy | MachinePolicy}] [-Force] [-Confirm] [-WhatIf] [<CommonParameters>]


DESCRIPTION
The Set-ExecutionPolicy cmdlet changes the user preference for the Windows PowerShell execution policy.

To run this command on Windows Vista, Windows Server 2008, and later versions of Windows, you must start Windows PowerShell with the "Run as administrator" option, even if you are a member of the Administrators group on the computer.

The execution policy is part of the security strategy of Windows PowerShell. It determines whether you can load configuration files (including your Windows PowerShell profile) and run scripts, and it determines which scripts, if any, must be digitally signed before they will run.

For more information, see about_Execution_Policies.


PARAMETERS
-ExecutionPolicy
Specifies a new execution policy for the shell. The parameter name ("Name") is optional.

Valid values are:

-- Restricted: Does not load configuration files or run scripts. "Restricted" is the default.

-- AllSigned: Requires that all scripts and configuration files be signed by a trusted publisher, including scripts that you write on the local computer.

-- RemoteSigned: Requires that all scripts and configuration files downloaded from the Internet be signed by a trusted publisher.

-- Unrestricted: Loads all configuration files and runs all scripts. If you run an unsigned script that was downloaded from the Internet, you are prompted for permission before it runs.

-- Bypass: Nothing is blocked and there are no warnings or prompts.

-- Undefined: Removes the currently assigned execution policy from the current scope. This parameter will not remove an execution policy that is set in a Group Policy scope.

Required? true
Position? 1
Default value
Accept pipeline input? true (ByValue)
Accept wildcard characters? false

-Force [<SwitchParameter>]
Suppresses all prompts. By default, Set-ExecutionPolicy displays a warning whenever you change the execution policy.

Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false

-Scope
Specifies the scope of the execution policy. The default is LocalMachine.

Valid values are:

-- Process: The execution policy affects only the current Windows PowerShell process.
-- CurrentUser: The execution policy affects only the current user.
-- LocalMachine: The execution policy affects all users of the computer.

To remove an execution policy from a particular scope, set the execution policy for that scope to Undefined.

Required? false
Position? 2
Default value LocalMachine
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false

-Confirm [<SwitchParameter>]
Prompts you for confirmation before executing the command.

Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false

-WhatIf [<SwitchParameter>]
Describes what would happen if you executed the command without actually executing the command.

Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false


This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer and OutVariable. For more information, type,
"get-help about_commonparameters".

INPUTS
Microsoft.PowerShell.ExecutionPolicy, System.String
You can pipe an execution policy object or a string that contains the name of an execution policy to Set-ExecutionPolicy.


OUTPUTS
None
This cmdlet does not return any output.


NOTES


When you use Set-ExecutionPolicy, the new user preference is written to the registry and remains unchanged until you change it.

However, if the "Turn on Script Execution" Group Policy is enabled for the computer or user, the user preference is written to the registry, but it is not effective, and Windows PowerShell displays a message explaining the conflict. You cannot use Set-ExecutionPolicy to override a Group Policy, even if the user preference is more restrictive than the policy.


-------------------------- EXAMPLE 1 --------------------------

C:\PS>set-executionpolicy remotesigned


Description
-----------
This command sets the user preference for the shell execution policy to RemoteSigned.





-------------------------- EXAMPLE 2 --------------------------

C:\PS>Set-ExecutionPolicy Restricted

Set-ExecutionPolicy : Windows PowerShell updated your local preference successfully, but the setting is overridden
by the group policy applied to your system. Due to the override, your shell will retain its current effective
execution policy of "AllSigned". Contact your group policy administrator for more information.
At line:1 char:20
+ set-executionpolicy <<<< restricted


Description
-----------
This command attempts to set the execution policy for the shell to "Restricted." The "Restricted" setting is written to the registry, but because it conflicts with a Group Policy, it is not effective, even though it is more restrictive than the policy.





-------------------------- EXAMPLE 3 --------------------------

C:\PS>invoke-command -computername Server01 -scriptblock {get-executionpolicy} | set-executionpolicy -force


Description
-----------
This command gets the execution policy from a remote computer and applies that execution policy to the local computer.

The command uses the Invoke-Command cmdlet to send the command to the remote computer. Because you can pipe an ExecutionPolicy (Microsoft.PowerShell.ExecutionPolicy) object to Set-ExecutionPolicy, the Set-ExecutionPolicy command does not need an ExecutionPolicy parameter.

The command does have a Force parameter, which suppresses the user prompt.





-------------------------- EXAMPLE 4 --------------------------

C:\PS>set-executionpolicy -scope CurrentUser -executionPolicy AllSigned -force

C:\PS> get-executionpolicy -list

Scope            ExecutionPolicy
-----            ---------------
MachinePolicy    Undefined
UserPolicy       Undefined
Process          Undefined
CurrentUser      AllSigned
LocalMachine     RemoteSigned

C:\PS> get-executionpolicy
AllSigned


Description
-----------
This example shows how to set an execution policy for a particular scope.

The first command uses the Set-ExecutionPolicy cmdlet to set an execution policy of AllSigned for the current user.
It uses the Force parameter to suppress the user prompts.

The second command uses the List parameter of Get-ExecutionPolicy to get the execution policies set in each scope. The results show that the execution policy that is set for the current user differs from the execution policy set for all users of the computer.

The third command uses the Get-ExecutionPolicy cmdlet without parameters to get the effective execution policy for the current user on the local computer. The result confirms that the execution policy that is set for the current user takes precedence over the one set for all users.





-------------------------- EXAMPLE 5 --------------------------

C:\PS>set-executionpolicy -scope CurrentUser -executionPolicy Undefined


Description
-----------
This command uses an execution policy value of Undefined to effectively remove the execution policy that is set for the current user scope. As a result, the execution policy that is set in Group Policy or in the LocalMachine (all users) scope is effective.

If you set the execution policy in all scopes to Undefined and the Group Policy is not set, the default execution policy, Restricted, is effective for all users of the computer.
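
The following is an added example, not part of the original help text. It applies the scope precedence described in the NOTES and in Examples 2, 4 and 5 to report which scope decides the effective policy and which stored settings are being ignored. The function name Get-ExecutionPolicyAudit, its output property names, and the sample data (including the choice of MachinePolicy as the Group Policy scope) are assumptions made for illustration.

```powershell
# Added example (not from the original help text). Works on the output of
# Get-ExecutionPolicy -List or on constructed objects with the same properties.
function Get-ExecutionPolicyAudit {
    param(
        # Per-scope settings; defaults to the live values on this computer.
        [object[]]$ScopeList = (Get-ExecutionPolicy -List)
    )

    # Scopes from highest to lowest precedence.
    $precedence = 'MachinePolicy', 'UserPolicy', 'Process', 'CurrentUser', 'LocalMachine'

    # The first scope that is not Undefined decides the effective policy.
    $winner = $null
    foreach ($scope in $precedence) {
        $entry = $ScopeList | Where-Object { "$($_.Scope)" -eq $scope }
        if ($entry -and "$($entry.ExecutionPolicy)" -ne 'Undefined') { $winner = $entry; break }
    }

    # Every scope Undefined: the default, Restricted, is effective.
    $effective = 'Restricted'; $decidedBy = 'Default'
    if ($winner) { $effective = "$($winner.ExecutionPolicy)"; $decidedBy = "$($winner.Scope)" }

    # Settings that are stored but overridden by the deciding scope.
    $ignored = @($ScopeList | Where-Object {
            "$($_.ExecutionPolicy)" -ne 'Undefined' -and "$($_.Scope)" -ne $decidedBy
        } | ForEach-Object { "$($_.Scope)=$($_.ExecutionPolicy)" })

    New-Object PSObject -Property @{
        EffectivePolicy     = $effective
        DecidedBy           = $decidedBy
        # Set-ExecutionPolicy cannot change the result while this is true.
        LockedByGroupPolicy = ('MachinePolicy', 'UserPolicy' -contains $decidedBy)
        IgnoredSettings     = ($ignored -join ', ')
        # These policies let unsigned scripts written on the local computer run.
        RunsUnsignedLocal   = ('RemoteSigned', 'Unrestricted', 'Bypass' -contains $effective)
    }
}

# Constructed sample modelled on Example 2: Group Policy enforces AllSigned
# while "Restricted" has been written to the LocalMachine scope.
$sample = @(
    New-Object PSObject -Property @{ Scope = 'MachinePolicy'; ExecutionPolicy = 'AllSigned' }
    New-Object PSObject -Property @{ Scope = 'LocalMachine';  ExecutionPolicy = 'Restricted' }
)
Get-ExecutionPolicyAudit -ScopeList $sample
```

Run Get-ExecutionPolicyAudit without parameters to evaluate the live settings of the current session.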






RELATED LINKS
Online version: http://go.microsoft.com/fwlink/?LinkID=113394
Get-ExecutionPolicy
Set-AuthenticodeSignature
Get-AuthenticodeSignature
about_Execution_Policies
about_Signing