Execution Policy and Group Policy

Welcome to 2015!

Every new PowerShell user negotiates the infamous 'Execution Policy' when trying to run a script for the first time... Why can't I just run a script? What do I need to do to run a script? Ah, happy memories...

An 'Execution Policy' defines rules for script or configuration file execution: for example, we can stipulate that only digitally-signed scripts are allowed to be called. The default execution policy setting is 'Restricted' which means that scripts or configuration files are not allowed to run - this provides a level of protection against unauthorised or accidental script execution.

We can use Get-ExecutionPolicy and Set-ExecutionPolicy cmdlets to check and define execution policy settings on a computer. If an 'Execution Policy' is set at user or local computer level the setting is stored in the registry. 

And, so... I quite often get asked how to configure the PowerShell execution policy on a wide scale, i.e. for a large number of clients or servers. The answer, of course, is Group Policy and details are found in the about_Execution_Policies help file...

The PowerShellExecutionPolicy.admx file adds the "Turn on Script Execution" policy to the Computer Configuration and User Configuration nodes in Group Policy Editor in the following path:

          For Windows Vista and later versions of Windows:
          Administrative Templates\Windows Components\Windows PowerShell

Policies set in the Computer Configuration node take precedence over policies set in the User Configuration node.