PowerShell Execution Policy

PowerShell security settings - Complete guide to execution policies, script security, and proper PowerShell management.

PowerShell Execution Policy is a security feature that controls the conditions under which PowerShell loads configuration files and runs scripts.

Prevents accidental script execution and provides basic protection against malicious scripts
Not a security boundary - determined users can bypass policies
Essential for automation, system administration, and script deployment

Get-ExecutionPolicy
Shows the current execution policy

Get-ExecutionPolicy -List
Shows all scope policies

Set-ExecutionPolicy RemoteSigned
Sets policy for current user

Set-ExecutionPolicy -Scope CurrentUser RemoteSigned
Sets policy with specific scope

Default on Windows clients

No scripts allowed to run

Individual commands only

High security

All scripts must be digitally signed

Requires trusted publisher

Most common setting

Local scripts run, remote scripts need signature

Balances security and usability

Low security

All scripts run with warning for downloaded scripts

Use with caution

Policy	Security Level	Local Scripts	Remote Scripts	Use Case
Restricted	Highest	❌ Blocked	❌ Blocked	Default Windows client setting
AllSigned	High	✅ If signed	✅ If signed	High-security environments
RemoteSigned	Medium	✅ Allowed	✅ If signed	Most common production setting
Unrestricted	Low	✅ Allowed	⚠️ With warning	Development/testing environments
Bypass	None	✅ Allowed	✅ Allowed	Embedded scripts, applications
Undefined	Variable	No policy set - inherits from higher scope		Removes current scope setting

Note: Higher numbered scopes take precedence. Group Policy settings cannot be overridden.