How do you successfully change execution policy and enable execution of PowerShell scripts
Windows Problem Overview
I have a problem regarding changing the Execution Policy in my Windows Server 2008+ OS. It is the first time I have tried to run a script for which I need full resource access, and I tried the following after starting PowerShell in elevated mode:
Set-ExecutionPolicy Unrestricted
But I get this:
Set-ExecutionPolicy : Windows PowerShell updated your execution policy
successfully, but the setting is overridden by a policy defined at a more
specific scope. Due to the override, your shell will retain its current
effective execution policy of RemoteSigned. Type "Get-ExecutionPolicy -List"
to view your execution policy settings. For more information please see
"Get-Help Set-ExecutionPolicy".
At line:1 char:1
+ Set-ExecutionPolicy Unrestricted
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (:) [Set-ExecutionPolicy], SecurityException
+ FullyQualifiedErrorId : ExecutionPolicyOverride,Microsoft.PowerShell.Commands.SetExecutionPolicyCommand
Though I am Administrator, I cannot change the Execution Policy. What to do?
Windows Solutions
Solution 1 - Windows
The error message indicates that the setting you're trying to define via Set-ExecutionPolicy is overridden by a setting in another scope. Use Get-ExecutionPolicy -List to see which scope has which setting.
PS C:> Get-ExecutionPolicy -List
Scope ExecutionPolicy
----- ---------------
MachinePolicy Undefined
UserPolicy Undefined
Process Undefined
CurrentUser Undefined
LocalMachine RemoteSigned
PS C:> Set-ExecutionPolicy Restricted -Scope Process -Force
PS C:> Set-ExecutionPolicy Unrestricted -Scope CurrentUser -Force
Set-ExecutionPolicy : Windows PowerShell updated your execution policy
successfully, but the setting is overridden by a policy defined at a more
specific scope. Due to the override, your shell will retain its current
effective execution policy of Restricted. Type "Get-ExecutionPolicy -List"
to view your execution policy settings. ...
PS C:> Get-ExecutionPolicy -List
Scope ExecutionPolicy
----- ---------------
MachinePolicy Undefined
UserPolicy Undefined
Process Restricted
CurrentUser Unrestricted
LocalMachine RemoteSigned
PS C:> .\test.ps1
.\test.ps1 : File C:\test.ps1 cannot be loaded because running scripts is
disabled on this system. ...
PS C:> Set-ExecutionPolicy Unrestricted -Scope Process -Force
PS C:> Set-ExecutionPolicy Restricted -Scope CurrentUser -Force
Set-ExecutionPolicy : Windows PowerShell updated your execution policy
successfully, but the setting is overridden by a policy defined at a more
specific scope. Due to the override, your shell will retain its current
effective execution policy of Restricted. Type "Get-ExecutionPolicy -List"
to view your execution policy settings. ...
PS C:> Get-ExecutionPolicy -List
Scope ExecutionPolicy
----- ---------------
MachinePolicy Undefined
UserPolicy Undefined
Process Unrestricted
CurrentUser Restricted
LocalMachine RemoteSigned
PS C:> .\test.ps1
Hello World!
PS C:> .\test.ps1
Hello World!
As you can see, both settings were defined despite the error, but the setting in the more specific scope (Process) still takes precedence, either preventing or allowing script execution.
Since the default scope is LocalMachine, the error could be caused by a setting in the CurrentUser or Process scope. However, a more common reason is that script execution was configured via a group policy (either local or domain).
A local group policy can be modified by a local administrator via gpedit.msc (Local Group Policy Editor) as described in this answer.
A domain group policy cannot be superseded by local settings/policies and must be changed by a domain admin via gpmc.msc (Group Policy Management) on a domain controller.
For both local and domain policies the setting can be defined as a computer setting:
Computer Configuration
`-Administrative Templates
`-Windows Components
`-Windows PowerShell -> Turn on Script Execution
or as a user setting:
User Configuration
`-Administrative Templates
`-Windows Components
`-Windows PowerShell -> Turn on Script Execution
The former are applied to computer objects, whereas the latter are applied to user objects. For local policies there is no significant difference between user and computer policies, because user policies are automatically applied to all users on the computer.
A policy can have one of three states (or five states if you count the 3 settings available for the state Enabled separately):
- Not Configured: policy does not control PowerShell script execution.
- Enabled: allow PowerShell script execution.
  - Allow only signed scripts: allow execution of signed scripts only (same as Set-ExecutionPolicy AllSigned).
  - Allow local scripts and remote signed scripts: allow execution of all local scripts (signed or not) and of signed scripts from remote locations (same as Set-ExecutionPolicy RemoteSigned).
  - Allow all scripts: allow execution of local and remote scripts regardless of whether they're signed or not (same as Set-ExecutionPolicy Unrestricted).
- Disabled: disallow PowerShell script execution (same as Set-ExecutionPolicy Restricted).
Changes made via Set-ExecutionPolicy only become effective when local and domain policies are set to Not Configured (execution policy Undefined in the scopes MachinePolicy and UserPolicy).
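The precedence rule from Solution 1, as an added PowerShell example that is not part of the original answer: it reports which scope decides the effective policy and whether group policy is the one setting it. Resolve-EffectivePolicy and Get-PolicyRegistryValue are hypothetical helper names, the sample rows are constructed from the second listing in the session above, and the HKCU key path is an assumption not shown on this page.

```powershell
# Added example: hypothetical helpers, not built-in cmdlets.
function Resolve-EffectivePolicy {
    param(
        # Rows with Scope and ExecutionPolicy properties, such as the
        # output of Get-ExecutionPolicy -List.
        [Parameter(Mandatory = $true)] [object[]] $ScopeList
    )
    # Highest precedence first: the order Get-ExecutionPolicy -List prints.
    $order = 'MachinePolicy', 'UserPolicy', 'Process', 'CurrentUser', 'LocalMachine'
    foreach ($scope in $order) {
        $row = $ScopeList | Where-Object { "$($_.Scope)" -eq $scope } |
            Select-Object -First 1
        if ($row -and "$($row.ExecutionPolicy)" -ne 'Undefined') {
            # The first defined scope wins; everything below it is ignored.
            return [pscustomobject]@{
                WinningScope     = $scope
                EffectivePolicy  = "$($row.ExecutionPolicy)"
                SetByGroupPolicy = ('MachinePolicy', 'UserPolicy') -contains $scope
            }
        }
    }
    # Every scope is Undefined: PowerShell falls back to its built-in default.
    [pscustomobject]@{ WinningScope = 'None'; EffectivePolicy = 'Default'; SetByGroupPolicy = $false }
}

function Get-PolicyRegistryValue {
    # Read-only look at the keys that group policy writes. The HKLM path is
    # the one named on this page; the HKCU counterpart is an assumption.
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $key = "$hive\Software\Policies\Microsoft\Windows\PowerShell"
        $values = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Key             = $key
            EnableScripts   = $values.EnableScripts
            ExecutionPolicy = $values.ExecutionPolicy
        }
    }
}

# Constructed sample: the second listing from the session above.
$sample = @(
    [pscustomobject]@{ Scope = 'Process';      ExecutionPolicy = 'Restricted' }
    [pscustomobject]@{ Scope = 'CurrentUser';  ExecutionPolicy = 'Unrestricted' }
    [pscustomobject]@{ Scope = 'LocalMachine'; ExecutionPolicy = 'RemoteSigned' }
)
Resolve-EffectivePolicy -ScopeList $sample
```

On a live system, pass (Get-ExecutionPolicy -List) as -ScopeList; when SetByGroupPolicy comes back true, Set-ExecutionPolicy cannot change the effective policy and the group policy itself has to be edited.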
Solution 2 - Windows
The problem is that Windows does not allow all scripts to be executed in Unrestricted mode. Actually, no matter the execution policy for your user (even if administrator), the Local Group Policy will take priority.
And by default, the local group script execution policy is one under which scripts are not allowed to be executed. We need to change it!
Changing the Local Group Execution Policy
We do this via the Local Group Policy Editor, which you can reach by searching in the Windows Search bar for "group policy". Or do this:
- Open the Management Console by hitting Win + r and typing command mmc.
- Go to File -> Add Remove Snap In....
- In the left pane find Group Policy Object Editor and add it.
- Close the form.
Then on the left pane the group editor can be expanded. Expand it and navigate to Computer Configuration -> Administrative Templates -> Windows Components.
Then to Windows PowerShell.
So select Turn on Script Execution. Change configuration to Enabled and specify Allow all scripts in Execution Policy.
Confirm by hitting Ok and close the Management Console.
Solution 3 - Windows
A hotfix is now available to install:
2.8.7 for VS 2013: https://github.com/NuGet/Home/releases/download/2.8.7/NuGet.Tools.vsix
3.1.1 for VS 2015: https://github.com/NuGet/Home/releases/download/3.1.1/NuGet.Tools.vsix
Solution 4 - Windows
If you are running into this with Visual Studio 2015 recently, check if there are any updates for NuGet Package Manager in Tools > Extensions and Updates >
Solution 5 - Windows
If the PowerShell ExecutionPolicy is being set by a Domain Controller through a group policy, you'll have to reset the ExecutionPolicy to "Bypass" in the registry after every boot. I've created a pair of startup scripts to automate the process. Below, I describe my process.
Create a folder called %USERPROFILE%\Documents\StartupScripts and then place a PowerShell script called ExecutionPolicy.ps1 in it with the following code:
Push-Location
Set-Location HKLM:\Software\Policies\Microsoft\Windows\PowerShell
Set-ItemProperty . ExecutionPolicy "Bypass"
Pop-Location
Then create a file called %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Startup.cmd and place the following code in it:
PowerShell -Version 3.0 -Command "Set-ExecutionPolicy Unrestricted" >> "%TEMP%\StartupLog.txt" 2>&1
PowerShell -Version 3.0 "%USERPROFILE%\Documents\StartupScripts\ExecutionPolicy.ps1" >> "%TEMP%\StartupLog.txt" 2>&1
This script will run at the start of every login.
Solution 6 - Windows
Even if @Ansgar Wiechers's answer doesn't work, there can be an issue with your MachinePolicy scope. One workaround for that issue is to edit the registry value for the ExecutionPolicy key at
> HKEY_LOCAL_MACHINE -> SOFTWARE -> Policies -> Microsoft -> Windows -> Powershell
It worked for me to execute a PS script after trying out so many solutions.
Solution 7 - Windows
Add the following to a file named psa.cmd and put it in a folder included in your PATH:
POWERSHELL -Command "$enccmd=[Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes((Get-Content '%1' | Out-String)));POWERSHELL -EncodedCommand $enccmd"
Now you can run any powershell script as in:
psa script.ps1
Solution 8 - Windows
Last time I jumped into this issue the following code fixed it. Don't forget to run the terminal with Administrator privileges and rerun it before executing the script.
Set-ItemProperty -path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\PowerShell" EnableScripts 1
Solution 9 - Windows
I just did:
Set-ExecutionPolicy Unrestricted -Scope Process -Force
Set-ExecutionPolicy Unrestricted
and it worked
Solution 10 - Windows
Set "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\PowerShell" EnableScripts
worked for me after much searching in Windows 8. It caused npm and ng commands to work.