But I ran Set-Executionpolicy unrestricted, what is going on?

Hello All,

So first let's be clear, if you can run with a properly set execution policy using only signed scripts then I will recommend that you keep that way.  If you want to learn how to sign your scripts here is a great blog that should get you started http://www.hanselman.com/blog/SigningPowerShellScripts.aspx.  But if you are like all my customers and I'm assuming 99% of the world then you don't have the time to get all your scripts that will run against Production signed before you need to run them.\

And with my customer that is exactly the case, we needed to run several of my install scripts which are not signed (I have one central script that uses Start-Process to start other scripts), and he trusts me so he was comfortable running the following command.


Set-ExecutionPolicy unrestricted 


Then when he went to run the script he was getting this prompt several times 

Security Warning

Run only scripts that you trust. While scripts from the
Internet can be useful, this script can potentially harm your computer. Do you want to run

E:\InstallFiles\install Scripts\SharePointServers.ps1?

[D] Do not run  [R] Run once  [S] Suspend [?] Help (default is "D"):


WHAT?  But I set the execution policy to unrestricted...ran the following command just to check


Yup, it was set just I had expected.  So started to dig and try to figure what is going on and discovered in fact by design PowerShell will by design prompt you when you run a script using an execution policy of unrestricted (http://technet.microsoft.com/en-us/library/dd347641) and what you have to do is run the command

Set-ExecutionPolicy Bypass

What this command does is set the following in the security of PowerShell for the local server

- Nothing is blocked and there are no warnings or prompts.

- This execution policy is designed for configurations in which a Windows PowerShell script is built in to a larger application or for configurations in which Windows PowerShell is the foundation for a program that has its own security model.

So lesson learned unrestricted is not enough if you plan to run more complex scripts that open other PowerShell shells.

To learn more about setting execution policies start reading here http://www.techrepublic.com/blog/datacenter/set-the-powershell-execution-policy-via-group-policy/3305



Comments (3)

  1. If we are programming for other clients should we set the scope to "Process" so that running MyApp.exe with an internal powershell engine does not affect their native security policy ?  Does this over-ride their current settings allowing them to keep secure but still run MyApp.exe ?

           – Process

                The execution policy affects only the current session

                (the current Windows PowerShell process).

  2. Yet another stupid pointless poorly documented part of powershell. Nothing makes any logical sense. Unrestricted means exactly what it says.

  3. CC says:

    Yeah, cause lets make everything harder than it needs to be without actually making it more secure.

    Well done.

Skip to main content