How do you successfully change execution policy and enable execution of PowerShell scripts

windows powershell

The error message indicates that the setting you're trying to define via Set-ExecutionPolicy is overridden by a setting in another scope. Use Get-ExecutionPolicy -List to see which scope has which setting.

PS C:\> Get-ExecutionPolicy -List        Scope    ExecutionPolicy        -----    ---------------MachinePolicy          Undefined   UserPolicy          Undefined      Process          Undefined  CurrentUser          Undefined LocalMachine       RemoteSignedPS C:\> Set-ExecutionPolicy Restricted -Scope Process -ForcePS C:\> Set-ExecutionPolicy Unrestricted -Scope CurrentUser -ForceSet-ExecutionPolicy : Windows PowerShell updated your execution policysuccessfully, but the setting is overridden by a policy defined at a morespecific scope.  Due to the override, your shell will retain its currenteffective execution policy of Restricted. Type "Get-ExecutionPolicy -List"to view your execution policy settings. ...PS C:\> Get-ExecutionPolicy -List        Scope    ExecutionPolicy        -----    ---------------MachinePolicy          Undefined   UserPolicy          Undefined      Process         Restricted  CurrentUser       Unrestricted LocalMachine       RemoteSignedPS C:\> .\test.ps1.\test.ps1 : File C:\test.ps1 cannot be loaded because running scripts isdisabled on this system. ...PS C:\> Set-ExecutionPolicy Unestricted -Scope Process -ForcePS C:\> Set-ExecutionPolicy Restricted -Scope CurrentUser -ForceSet-ExecutionPolicy : Windows PowerShell updated your execution policysuccessfully, but the setting is overridden by a policy defined at a morespecific scope.  Due to the override, your shell will retain its currenteffective execution policy of Restricted. Type "Get-ExecutionPolicy -List"to view your execution policy settings. ...PS C:\> Get-ExecutionPolicy -List        Scope    ExecutionPolicy        -----    ---------------MachinePolicy          Undefined   UserPolicy          Undefined      Process       Unrestricted  CurrentUser         Restricted LocalMachine       RemoteSignedPS C:\> .\test.ps1Hello World!

As you can see, both settings were defined despite the error, but the setting in the more specific scope (Process) still takes precedence, either preventing or allowing script execution.

Since the default scope is LocalMachine the error could be caused by a setting in the CurrentUser or Process scope. However, a more common reason is that script execution was configured via a group policy (either local or domain).

A local group policy can be modified by a local administrator via gpedit.msc (Local Group Policy Editor) as described in this answer.

A domain group policy cannot be superseded by local settings/policies and must be changed by a domain admin via gpmc.msc (Group Policy Management) on a domain controller.

For both local and domain policies the setting can be defined as a computer setting:

Computer Configuration`-Administrative Templates  `-Windows Components    `-Windows PowerShell -> Turn on Script Execution

or as a user setting:

User Configuration`-Administrative Templates  `-Windows Components    `-Windows PowerShell -> Turn on Script Execution

The former are applied to computer objects, whereas the latter are applied to user objects. For local polices there is no significant difference between user and computer policies, because user policies are automatically applied to all users on the computer.

A policy can have one of three states (or five states if you count the 3 settings available for the state Enabled separately):

Not Configured: policy does not control PowerShell script execution.
Enabled: allow PowerShell script execution.
- Allow only signed scripts: allow execution of signed scripts only (same as Set-ExecutionPolicy AllSigned).
- Allow local scripts and remote signed scripts: allow execution of all local scripts (signed or not) and of signed scripts from remote locations (same as Set-ExecutionPolicy RemoteSigned).
- Allow all scripts: allow execution of local and remote scripts regardless of whether they're signed or not (same as Set-ExecutionPolicy Unrestricted).
Disabled: disallow PowerShell script execution (same as Set-ExecutionPolicy Restricted).

Changes made via Set-ExecutionPolicy only become effective when local and domain policies are set to Not Configured (execution policy Undefined in the scopes MachinePolicy and UserPolicy).

windows powershell

The problem is that Windows does not allow all scripts to be executed in Unrestricted mode. Actually, no matter the execution policy for your user (even if administrator), the Local Group Policy will take priority.

And by default the local group script execution policy is such for which scripts are not allowed to be executed. We need to change it!

Changing the Local Group Execution Policy

We do this via the Local Group Policy Editor which you can reach by searching in the Windows Search bar for "group policy". Or do this:

Open the Management Console by hitting Win + r and typing command mmc.
Go to File -> Add Remove Snap In....
In the left pane find Group Policy Object Editor and add it.
Close the form.

Then on the left pane the group editor can be expanded. Expand it and navigate to Computer Configuration -> Administrative Templates -> Windows Components.

enter image description here