Advertisement
Advertisement


PowerShell says "execution of scripts is disabled on this system."


Question

I am trying to run a cmd file that calls a PowerShell script from cmd.exe, but I am getting this error:

Management_Install.ps1 cannot be loaded because the execution of scripts is disabled on this system.

I ran this command:

Set-ExecutionPolicy -ExecutionPolicy Unrestricted

When I run Get-ExecutionPolicy from PowerShell, it returns Unrestricted.

PS C:\Users\Administrator\> Get-ExecutionPolicy
Unrestricted

C:\Projects\Microsoft.Practices.ESB\Source\Samples\Management Portal\Install\Scripts\> powershell .\Management_Install.ps1 1

WARNING: Running x86 PowerShell...

File C:\Projects\Microsoft.Practices.ESB\Source\Samples\Management Portal\Install\Scripts\Management_Install.ps1 cannot be loaded because the execution of scripts is disabled on this system. Please see "get-help about_signing" for more details.

At line:1 char:25

  • .\Management_Install.ps1 <<<< 1
  • CategoryInfo : NotSpecified: (:) [], PSSecurityException
  • FullyQualifiedErrorId : RuntimeException
C:\Projects\Microsoft.Practices.ESB\Source\Samples\Management Portal\Install\Scripts\> PAUSE

Press any key to continue . . .

The system is Windows Server 2008R2.

What am I doing wrong?

2020/08/04
1
1857
8/4/2020 3:07:36 PM

Accepted Answer

If you're using Windows Server 2008 R2 then there is an x64 and x86 version of PowerShell both of which have to have their execution policies set. Did you set the execution policy on both hosts?

As an Administrator, you can set the execution policy by typing this into your PowerShell window:

Set-ExecutionPolicy RemoteSigned

For more information, see Using the Set-ExecutionPolicy Cmdlet.

When you are done, you can set the policy back to its default value with:

Set-ExecutionPolicy Restricted
2020/02/16
2352
2/16/2020 6:14:15 AM

You can bypass this policy for a single file by adding -ExecutionPolicy Bypass when running PowerShell

powershell -ExecutionPolicy Bypass -File script.ps1
2019/12/27

I had a similar issue and noted that the default cmd on Windows Server 2012, was running the x64 one.

For Windows 7, Windows 8, Windows 10, Windows Server 2008 R2 or Windows Server 2012, run the following commands as Administrator:

x86 (32 bit)
Open C:\Windows\SysWOW64\cmd.exe
Run the command powershell Set-ExecutionPolicy RemoteSigned

x64 (64 bit)
Open C:\Windows\system32\cmd.exe
Run the command powershell Set-ExecutionPolicy RemoteSigned

You can check mode using

  • In CMD: echo %PROCESSOR_ARCHITECTURE%
  • In Powershell: [Environment]::Is64BitProcess

References:
MSDN - Windows PowerShell execution policies
Windows - 32bit vs 64bit directory explanation

2019/03/15

Most of the existing answers explain the How, but very few explain the Why. And before you go around executing code from strangers on the Internet, especially code that disables security measures, you should understand exactly what you're doing. So here's a little more detail on this problem.

From the TechNet About Execution Policies Page:

Windows PowerShell execution policies let you determine the conditions under which Windows PowerShell loads configuration files and runs scripts.

The benefits of which, as enumerated by PowerShell Basics - Execution Policy and Code Signing, are:

  • Control of Execution - Control the level of trust for executing scripts.
  • Command Highjack - Prevent injection of commands in my path.
  • Identity - Is the script created and signed by a developer I trust and/or a signed with a certificate from a Certificate Authority I trust.
  • Integrity - Scripts cannot be modified by malware or malicious user.

To check your current execution policy, you can run Get-ExecutionPolicy. But you're probably here because you want to change it.

To do so you'll run the Set-ExecutionPolicy cmdlet.

You'll have two major decisions to make when updating the execution policy.

Execution Policy Type:

  • Restricted - No Script either local, remote or downloaded can be executed on the system.
  • AllSigned - All script that are ran require to be digitally signed.
  • RemoteSigned - All remote scripts (UNC) or downloaded need to be signed.
  • Unrestricted - No signature for any type of script is required.

Scope of new Change

  • LocalMachine - The execution policy affects all users of the computer.
  • CurrentUser - The execution policy affects only the current user.
  • Process - The execution policy affects only the current Windows PowerShell process.

† = Default

For example: if you wanted to change the policy to RemoteSigned for just the CurrentUser, you'd run the following command:

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser

Note: In order to change the Execution policy, you must be running PowerShell As Adminstrator. If you are in regular mode and try to change the execution policy, you'll get the following error:

Access to the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell' is denied. To change the execution policy for the default (LocalMachine) scope, start Windows PowerShell with the "Run as administrator" option.

If you want to tighten up the internal restrictions on your own scripts that have not been downloaded from the Internet (or at least don't contain the UNC metadata), you can force the policy to only run signed sripts. To sign your own scripts, you can follow the instructions on Scott Hanselman's article on Signing PowerShell Scripts.

Note: Most people are likely to get this error whenever they open Powershell because the first thing PS tries to do when it launches is execute your user profile script that sets up your environment however you like it.

The file is typically located in:

%UserProfile%\My Documents\WindowsPowerShell\Microsoft.PowerShellISE_profile.ps1

You can find the exact location by running the powershell variable

$profile

If there's nothing that you care about in the profile, and don't want to fuss with your security settings, you can just delete it and powershell won't find anything that it cannot execute.

2015/04/23

In Windows 7:

Go to Start Menu and search for "Windows PowerShell ISE".

Right click the x86 version and choose "Run as administrator".

In the top part, paste Set-ExecutionPolicy RemoteSigned; run the script. Choose "Yes".

Repeat these steps for the 64-bit version of Powershell ISE too (the non x86 version).

I'm just clarifying the steps that @Chad Miller hinted at. Thanks Chad!

2012/12/04

Also running this command before the script also solves the issue:

set-executionpolicy unrestricted
2016/03/09

Source: https://stackoverflow.com/questions/4037939
Licensed under: CC-BY-SA with attribution
Not affiliated with: Stack Overflow
Email: [email protected]