ChatGPT解决这个技术问题 Extra ChatGPT

PowerShell says "execution of scripts is disabled on this system."

I am trying to run a cmd file that calls a PowerShell script from cmd.exe, but I am getting this error:

Management_Install.ps1 cannot be loaded because the execution of scripts is disabled on this system.

I ran this command: 

Set-ExecutionPolicy -ExecutionPolicy Unrestricted

When I run Get-ExecutionPolicy from PowerShell, it returns Unrestricted. 

PS C:\Users\Administrator\> Get-ExecutionPolicy
Unrestricted

C:\Projects\Microsoft.Practices.ESB\Source\Samples\Management Portal\Install\Scripts> powershell .\Management_Install.ps1 1 WARNING: Running x86 PowerShell... File C:\Projects\Microsoft.Practices.ESB\Source\Samples\Management Portal\Install\Scripts\Management_Install.ps1 cannot be loaded because the execution of scripts is disabled on this system. Please see "get-help about_signing" for more details. At line:1 char:25 .\Management_Install.ps1 <<<< 1 CategoryInfo : NotSpecified: (:) [], PSSecurityException FullyQualifiedErrorId : RuntimeException C:\Projects\Microsoft.Practices.ESB\Source\Samples\Management Portal\Install\Scripts> PAUSE Press any key to continue . . .

The system is Windows Server 2008R2.

What am I doing wrong?

Its worth pointing out that Execution Policy carries several scopes, and running PowerShell in different ways can get you different policies. To view the list of policies, run Get-ExecutionPolicy -List.
All policy explanations are here.

N
Neuron

If you're using Windows Server 2008 R2 then there is an x64 and x86 version of PowerShell both of which have to have their execution policies set. Did you set the execution policy on both hosts?

As an Administrator, you can set the execution policy by typing this into your PowerShell window: 

Set-ExecutionPolicy RemoteSigned

For more information, see Using the Set-ExecutionPolicy Cmdlet.

When you are done, you can set the policy back to its default value with: 

Set-ExecutionPolicy Restricted

You may see an error: 

Access to the registry key
'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell' is denied. 
To change the execution policy for the default (LocalMachine) scope, 
  start Windows PowerShell with the "Run as administrator" option. 
To change the execution policy for the current user, 
  run "Set-ExecutionPolicy -Scope CurrentUser".

So you may need to run the command like this (as seen in comments): 

Set-ExecutionPolicy RemoteSigned -Scope CurrentUser
Set-ExecutionPolicy Restricted seems to be the way to undo it if you want to put the permissions back to as they were: technet.microsoft.com/en-us/library/ee176961.aspx. The temporary bypass method by @Jack Edmonds looks safer to me: powershell -ExecutionPolicy ByPass -File script.ps1
For a more secure policy, scope it to the actual user: Set-ExecutionPolicy RemoteSigned -Scope CurrentUser
Set-ExecutionPolicy RemoteSigned cannot be the first line in your script. If it is, highlight it and run selected only INITIALLY before running the rest of your script.
I came across a similar question on SF site, "Powershell execution policy within SQL Server” asked Oct 10 '14. The answers there included Get-ExecutionPolicy -List which helped me to see the different scopes. The cmd Get-ExecutionPolicy does not show all the scopes. Import-Module SQLPS is now working with policies changed as follows: {Undefined- Process,MachinePolicy,UserPolicy,}; {RemoteSigned- CurrentUser, LocalMachine}.
If I do this, does the change last for only the duration of the current PowerShell? Or is it bigger than that?
N
Neuron

You can bypass this policy for a single file by adding -ExecutionPolicy Bypass when running PowerShell 

powershell -ExecutionPolicy Bypass -File script.ps1
This is also really handy if you're on a non-administrator account. I made a shortcut to %SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy ByPass on my taskbar.
Note that Microsoft Technet stylizes it as "Bypass", not "ByPass". See: technet.microsoft.com/nl-nl/library/hh849812.aspx
This doesn't work for me, I get the same permission denied as if I called it normally. Calling a ps1 from a .bat by doing type script.ps1 | powershell - does work though.
The purpose to Execution Policy is to prevent people from double-clicking a .ps1 and accidentally running something they didn't mean to. This would happen with .bat files
A parameter cannot be found that matches parameter name 'File' Command: Set-ExecutionPolicy -ExecutionPolicy Bypass -File .\file.ps1
R
Ralph Willgoss

I had a similar issue and noted that the default cmd on Windows Server 2012, was running the x64 one.

For Windows 11, Windows 10, Windows 7, Windows 8, Windows Server 2008 R2 or Windows Server 2012, run the following commands as Administrator:

x86 (32 bit)
Open C:\Windows\SysWOW64\cmd.exe
Run the command powershell Set-ExecutionPolicy RemoteSigned

x64 (64 bit)
Open C:\Windows\system32\cmd.exe
Run the command powershell Set-ExecutionPolicy RemoteSigned

You can check mode using

In CMD: echo %PROCESSOR_ARCHITECTURE%

In Powershell: [Environment]::Is64BitProcess

References:
MSDN - Windows PowerShell execution policies
Windows - 32bit vs 64bit directory explanation

Works for me in windows10
Worked for me for nodemon installation process on vscode. cheers.
Worked on windows 10 x64
Thank you so much, worked for me in Windows 10, VSCode!
thanks, I was using powershell instead of git bash as command line, LOL 😊
K
KyleMit

Most of the existing answers explain the How, but very few explain the Why. And before you go around executing code from strangers on the Internet, especially code that disables security measures, you should understand exactly what you're doing. So here's a little more detail on this problem.

From the TechNet About Execution Policies Page:

Windows PowerShell execution policies let you determine the conditions under which Windows PowerShell loads configuration files and runs scripts.

The benefits of which, as enumerated by PowerShell Basics - Execution Policy and Code Signing, are:

Control of Execution - Control the level of trust for executing scripts. Command Highjack - Prevent injection of commands in my path. Identity - Is the script created and signed by a developer I trust and/or a signed with a certificate from a Certificate Authority I trust. Integrity - Scripts cannot be modified by malware or malicious user.

To check your current execution policy, you can run Get-ExecutionPolicy. But you're probably here because you want to change it.

To do so you'll run the Set-ExecutionPolicy cmdlet.

You'll have two major decisions to make when updating the execution policy.

Execution Policy Type:

Restricted† - No Script either local, remote or downloaded can be executed on the system.

AllSigned - All script that are ran require to be digitally signed.

RemoteSigned - All remote scripts (UNC) or downloaded need to be signed.

Unrestricted - No signature for any type of script is required.

Scope of new Change

LocalMachine† - The execution policy affects all users of the computer.

CurrentUser - The execution policy affects only the current user.

Process - The execution policy affects only the current Windows PowerShell process.

† = Default

For example: if you wanted to change the policy to RemoteSigned for just the CurrentUser, you'd run the following command: 

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser

Note: In order to change the Execution policy, you must be running PowerShell As Adminstrator. If you are in regular mode and try to change the execution policy, you'll get the following error:

Access to the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell' is denied. To change the execution policy for the default (LocalMachine) scope, start Windows PowerShell with the "Run as administrator" option.

If you want to tighten up the internal restrictions on your own scripts that have not been downloaded from the Internet (or at least don't contain the UNC metadata), you can force the policy to only run signed sripts. To sign your own scripts, you can follow the instructions on Scott Hanselman's article on Signing PowerShell Scripts.

Note: Most people are likely to get this error whenever they open Powershell because the first thing PS tries to do when it launches is execute your user profile script that sets up your environment however you like it.

The file is typically located in: 

%UserProfile%\My Documents\WindowsPowerShell\Microsoft.PowerShellISE_profile.ps1

You can find the exact location by running the powershell variable 

$profile

If there's nothing that you care about in the profile, and don't want to fuss with your security settings, you can just delete it and powershell won't find anything that it cannot execute.

I feel like it's important to note that while execution policy is a security measure, it's not one that's intended to prevent users from executing PowerShell code. Execution policy is something that's intended to protect your scripts and determine who wrote, modifed or approved them and that's all. It's trivial to get around execution policy with something as simple as Get-Content .\MyFile.ps1 | powershell.exe -NoProfile -.
Given the existence of -ExecutionPolicy ByPass though, what is the purpose of this policy anyway? Is it just to prevent users from accidentally opening a powershell console and running a malicious script? Couldn't the attacker just use an executable or a batch script if they wanted to get around this? Even after reading @BaconBits comment I'm not quite sure what scenario this policy is meant to prevent...
@Ajedi32 Say I have a task that runs a script on a network share. When I invoke my script, I want my process to verify that the script is signed. I want my code to double check that the script I'm going to run is the code I trust to run. I don't care if you can run my code. Stopping that is access rights' job. I just want to prevent you from making me run code that I didn't write. Access rights means the operating system prevents you from modifying my code when you're logged on. Code signing and execution policy means my script hasn't been modified when I go to run it.
how about showing how to sign the script rather then how to disable security? Is that an option?
@gman, I think that's a fair point. To crowdsource the work, you can certainly add that answer or append to this one.
A
Agostino

We can get the status of current ExecutionPolicy by the command below: 

Get-ExecutionPolicy

By default it is Restricted. To allow the execution of PowerShell scripts we need to set this ExecutionPolicy either as Unrestricted or Bypass.

We can set the policy for Current User as Bypass by using any of the below PowerShell commands: 

Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted -Force

Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Bypass -Force

Unrestricted policy loads all configuration files and runs all scripts. If you run an unsigned script that was downloaded from the Internet, you are prompted for permission before it runs.

Whereas in Bypass policy, nothing is blocked and there are no warnings or prompts during script execution. Bypass ExecutionPolicy is more relaxed than Unrestricted.

Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Bypass -Force; AKA quick and dirty way to tell VS2015 to stop complaining and run my bloody script. thanks. lifesaver.
The trailing semicolons on the ends of your commands are superfluous.
N
Nate

Also running this command before the script also solves the issue: 

Set-ExecutionPolicy Unrestricted
-1 - Follow the principle of least permission. At least set the policy to RemoteSigned before removing all restrictions on your security policy. If that doesn't work, then re-assess what your pain points are and why it isn't working. You can set unrestricted as a last resort, but it shouldn't be your starting point.
Thanks for pointing out this option too. With all due respect to security needs for production purposes, in the times when quick prototyping ability demand is so high, all the policies and security really get in the way of getting stuff done.
Regarding the comment re prototyping, I'm afraid that this is why crappy code gets into production. Of course this is just a trivial example, but if you can't solve something this trivial during development, it's a worry for release. Also, for bespoke code, and if you can, know the target environment - we set the majority of our internal systems as Remotesigned.
R
Ryan

In Windows 7:

Go to Start Menu and search for "Windows PowerShell ISE".

Right click the x86 version and choose "Run as administrator".

In the top part, paste Set-ExecutionPolicy RemoteSigned; run the script. Choose "Yes".

Repeat these steps for the 64-bit version of Powershell ISE too (the non x86 version).

I'm just clarifying the steps that @Chad Miller hinted at. Thanks Chad!

In Windows 8 too, this worked. I set Set-ExecutionPolicy RemoteSigned; in Windows Powershell only, by running it as administrator. Didn't need to repeat the procedure for x86 version.
P
Peter Mortensen

If you are in an environment where you are not an administrator, you can set the Execution Policy just for you, and it will not require administrator. 

Set-ExecutionPolicy -Scope "CurrentUser" -ExecutionPolicy "RemoteSigned"

or 

Set-ExecutionPolicy -Scope "CurrentUser" -ExecutionPolicy "Unrestricted"

You can read all about it in the help entry. 

Help Get-ExecutionPolicy -Full
Help Set-ExecutionPolicy -Full
Worked great for me in Windows 8, even when Set-ExecutionPolicy Unrestricted as an admin didn't seem to "unrestrict" enough to actually help.
I believe what you may be experiencing is a GPO or something else overwriting your setting of the "LocalMachine" level of ExecutionPolicy. You cannot overwrite what a Domain Policy has in place with the Set-ExecutionPolicy command. However, but setting the "CurrentUser" level of access, you and only you will have the specified Execution Policy. This is because the computer looks at the CurrentUser for execution policy before it looks at the LocalMachine setting.
Set-ExecutionPolicy -Scope "CurrentUser" -ExecutionPolicy "Unrestricted" is the only solution that worked for me. Thank you
P
Peter Mortensen

RemoteSigned: all scripts you created yourself will be run, and all scripts downloaded from the Internet will need to be signed by a trusted publisher.

OK, change the policy by simply typing: 

Set-ExecutionPolicy RemoteSigned
As recommended in other posts: it's wise to include "-Scope CurrentUser" for a more secure policy, when that makes sense.
P
Peter Mortensen

I'm using Windows 10 and was unable to run any command. The only command that gave me some clues was this:

[x64]

Open C:\Windows\SysWOW64\cmd.exe [as administrator] Run the command> powershell Set-ExecutionPolicy Unrestricted

But this didn't work. It was limited. Probably new security policies for Windows10. I had this error:

Set-ExecutionPolicy: Windows PowerShell updated your execution policy successfully, but the setting is overridden by a policy defined at a more specific scope. Due to the override, your shell will retain its current effective execution policy of...

So I found another way (solution):

Open Run Command/Console (Win + R) Type: gpedit.msc (Group Policy Editor) Browse to Local Computer Policy -> Computer Configuration -> Administrative Templates -> Windows Components -> Windows Powershell. Enable "Turn on Script Execution" Set the policy as needed. I set mine to "Allow all scripts".

Now open PowerShell and enjoy ;)

Is this a stand-alone installation, or are you connected to a workgroup or domain?
Why open cmd to do it? Just open ISE (as admin) and type Set-ExecutionPolicy RemoteSigned
OMG this finally fixed my win10 box, @kolob set-executionpolicy is not enough
You should not be using Unrestricted. It is better practice to use RemoteSigned
@xer0x it should be as long as you run powershell as an administrator
M
MD SHAYON

Open powershell as administration 

Set-ExecutionPolicy -Scope "CurrentUser" -ExecutionPolicy "RemoteSigned"

use this command

O
OmidDarvishi

sou should run this command 

Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted
This is the exact same as @Micah 'Powershell Ninja''s answer from eight years ago. And, for that matter, it's effectively covered by @KyleMit's exceptional accepted answer from seven years ago. Before submitting a new answer, please review the existing answer and upvote ones you find useful. Only submit a new answer to established questions if you have something new and substantial to add to the existing answers.
Life saver. Works, thanks
P
Peter Mortensen

Win + R and type copy paste command and press OK: 

powershell Set-ExecutionPolicy -Scope "CurrentUser" -ExecutionPolicy "RemoteSigned"

And execute your script.

Then revert changes like: 

powershell Set-ExecutionPolicy -Scope "CurrentUser" -ExecutionPolicy "AllSigned"
Thanks a lot, these 2 lines are answers for Win10 in 2022
R
R15

Open Windows PowerShell Command and run below query to change ExecutionPolicy

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser

if it ask for confirm changes press 'Y' and hit enter.

p
phpnerd

Open command prompt in windows, If the problem is only with powershell use the following command, 

powershell Set-ExecutionPolicy -Scope "CurrentUser" -ExecutionPolicy "RemoteSigned"
P
Peter Mortensen

Setting the execution policy is environment-specific. If you are trying to execute a script from the running x86 ISE you have to use the x86 PowerShell to set the execution policy. Likewise, if you are running the 64-bit ISE you have to set the policy with the 64-bit PowerShell.

Y
Yasin Patel

you may try this and select "All" Option 

Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy RemoteSigned
T
T Manojith

Open Run Command/Console ( Win + R ) Type: gpedit. msc (Group Policy Editor) Browse to Local Computer Policy -> Computer Configuration -> Administrative Templates -> Windows Components -> Windows Powershell. Enable "Turn on Script Execution" Set the policy as needed. I set mine to "Allow all scripts".

Now run the run command what ever you are using.. Trust this the app will runs.. Enjoy :)

P
Peter Mortensen

You can also bypass this by using the following command: 

PS > powershell Get-Content .\test.ps1 | Invoke-Expression

You can also read this article by Scott Sutherland that explains 15 different ways to bypass the PowerShell Set-ExecutionPolicy if you don't have administrator privileges:

15 Ways to Bypass the PowerShell Execution Policy

This is probably one of the more compelling guides to troubleshoot and understand this restriction.
R
Rashi Goyal

I have also faced similar issue try this hope it helps someone As I'm using windows so followed the steps as given below Open command prompt as an administrator and then go to this path 

C:\Users\%username%\AppData\Roaming\npm\

Look for the file ng.ps1 in this folder (dir) and then delete it (del ng.ps1)

You can also clear npm cache after this though it should work without this step as well. Hope it helps as it worked for me.

Hope it helps

this one worked, i just removed a few .ps1 extension files and it started working
P
Peter Mortensen

In the PowerShell ISE editor I found running the following line first allowed scripts. 

Set-ExecutionPolicy RemoteSigned -Scope Process
U
User 
Set-ExecutionPolicy RemoteSigned

Executing this command in administrator mode in powershell will solve the problem.

J
Jeffrey Cheong

In Window 10:

if you are not administrator, you can use this 

powershell Set-ExecutionPolicy -Scope CurrentUser

cmdlet Set-ExecutionPolicy at command pipeline position 1 Supply values for the following parameters: ExecutionPolicy: RemoteSigned

it solved my problem like a charm!

N
Nimantha

https://i.stack.imgur.com/q76IF.png

https://i.stack.imgur.com/Snz6j.png

g
ghost21blade

First, you have to need to open the powershell and run this command.

set-ExecutionPolicy RemoteSigned -Scope CurrentUser

Then it will ask yo to confirm. Type Y and press Enter

When you run this command, you can see that your system has set all policies for the current user as remotely. It will take few seconds to complete this process. The image will be shown like below.

https://i.stack.imgur.com/XyFUJ.png

To check if execution policy has set, Type : Get-ExecutionPolicy

If its set output would be like this :

https://i.stack.imgur.com/0wTAV.png

R
Ramanujam Allam

Open PowerShell as Administrator and run Set-ExecutionPolicy -Scope CurrentUser Provide RemoteSigned and press Enter Run Set-ExecutionPolicy -Scope CurrentUser Provide Unrestricted and press Enter

P
Peter Mortensen

In PowerShell 2.0, the execution policy was set to disabled by default.

From then on, the PowerShell team has made a lot of improvements, and they are confident that users will not break things much while running scripts. So from PowerShell 4.0 onward, it is enabled by default.

In your case, type Set-ExecutionPolicy RemoteSigned from the PowerShell console and say yes.

G
George C.

I get another warning when I tryit to run Set-ExecutionPolicy RemoteSigned

I solved with this commands 

Set-ExecutionPolicy "RemoteSigned" -Scope Process -Confirm:$false

Set-ExecutionPolicy "RemoteSigned" -Scope CurrentUser -Confirm:$false
E
Elias

https://i.stack.imgur.com/TjTjR.png

it fixed the issue for me

Y
Yasir

Open PowerShell as a administrator. Run the following command

Set-ExecutionPolicy RemoteSigned

Type Y when asked!

This worked in Windows 11
This is identical to numerous other answers suggesting the same exact command, one of which is the highest-voted, accepted answer. You really should check that you're not duplicating other answers before posting your own. I realize that's no small task on a question with 47 answers (and counting), but if people would stop posting the same answer over and over there wouldn't be so many answers to sift through!

关注公众号,不定期副业成功案例分享
Follow WeChat

Success story sharing

Want to stay one step ahead of the latest teleworks?

Subscribe Now

HuntsBot,a one-stop outsourcing task, remote job, product ideas sharing and subscription platform, which supports DingTalk, Lark, WeCom, Email and Telegram robot subscription. The platform will push outsourcing task requirements, remote work opportunities, product ideas to every subscribed user with timely, stable and reliable.

简体中文 English

Platform

Support

Contact US

Any questions or suggestions during use, you can contact us in the following ways:

Email: huntsbot@xinbeitime.com

Copyright© 2022-2023 www.huntsbot.com 浙ICP备2022000860号-4 All Rights Reserved.