Problem
PowerShell provides an error message when you try to run a script:
PS>.\Test.ps1 File C:\temp\test.ps1 cannot be loaded because the execution of scripts is disa bled on this system. Please see "gethelp about_signing" for more details. At line:1 char:10
+ .\Test.ps1 <<<<
Solution
To prevent this error message, use the SetExecutionPolicy cmdlet to change the PowerShell execution policy to one of the policies that allow scripts to run:
SetExecutionPolicy RemoteSigned
Discussion
As normally configured, PowerShell operates strictly as an interactive shell. By disabling the execution of scripts by default, PowerShell prevents malicious PowerShell scripts from affecting users who have PowerShell installed, but who may never have used (or even heard of!) PowerShell.
You (as a reader of this book) are not part of that target audience, however, so you will want to configure PowerShell to run under one of the following four execution policies:
Restricted
PowerShell operates as an interactive shell only. Attempting to run a script generates an error message. This is PowerShell’s default execution policy.
AllSigned
PowerShell only runs scripts that contain a digital signature. When you attempt to run a script signed by a publisher that PowerShell hasn’t seen before, PowerShell asks whether you trust that publisher to run scripts on your system.
RemoteSigned (recommended)
PowerShell runs most scripts without prompting, but requires that scripts that originate from the Internet contain a digital signature. As in AllSigned mode, PowerShell asks whether you trust that publisher to run scripts on your system when you run a script signed by a publisher it hasn’t seen before. PowerShell considers a script to have come from the Internet when it has been downloaded to your computer by a popular communications programs such as Internet Explorer, Outlook, or Messenger.
Unrestricted
PowerShell does not require a digital signature on any script, but (like Windows Explorer) warns you when a script originates from the Internet.
Run the SetExecutionPolicy cmdlet as an administrator to configure the system’s execution policy. If you want to configure your execution policy on Windows Vista, rightclick the Windows PowerShell link for the option to launch PowerShell as Administrator.
Just because a script is signed, it does not mean that the script is safe! The signature on a script gives you a way to verify who the script came from, but not that you can trust its author to run commands on your
system. You need to make that decision for yourself, which is why PowerShell asks you.
Alternatively, you may directly modify the registry key that PowerShell uses to store its execution policy. This is the ExecutionPolicy property under the registry path HKLM\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell.
In an enterprise setting, PowerShell also lets you override this local preference through Group Policy.
When using an execution policy that detects Internetbased scripts, you may want to stop PowerShell from treating those scripts as remote. To do that, rightclick on the file from Windows Explorer, select Properties, and then click Unblock.
In an enterprise setting, PowerShell sometimes warns of the dangers of Internetbased scripts even if they are located only on a network share. If unblocking the file does not resolve the issue, your machine has likely been configured to restrict access to network shares. This is common with Internet Explorer’s Enhanced Security Configuration mode. To prevent this message, add the path of the network share to Internet Explorer’s Intranet or Trusted Sites zone.
For more information about script signing in PowerShell, type GetHelp about_ signing. For more information about the SetExecutionPolicy cmdlet, type GetHelp SetExecutionPolicy.