Problem: Getting “cannot be loaded because running scripts is disabled on this system” error!
On trying to run a PowerShell script from the PowerShell console, I received this error message: “File C:\temp\GenerateRpt.ps1 cannot be loaded because running scripts is disabled on this system. For more information, see about_Execution_Policies at https://go.microsoft.com/fwlink/?LinkID=135170. At line:1 char:1 CategoryInfo: SecurityError PSSecurityException FullyQualifiedErrorId : UnauthorizedAccess”
In some cases, You’ll see the following error message, “The file is not digitally signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy, see about_Execution_Policies.”.
This is due to the Windows PowerShell execution policy being set to prevent untrusted scripts that can affect your Windows client environment. Execution policies are security settings that determine the trust level for scripts run in PowerShell. The default execution policy is “strict” on client operating systems like Windows 10 PC, preventing Windows PowerShell commands and scripts from running.
Solution for “cannot be loaded because running scripts is disabled on this system”
How do you enable PowerShell scripting and resolve running scripts is disabled on this system error? To fix this issue, we have to set the execution policy using the Set-ExecutionPolicy cmdlet, so that the PowerShell script runs on the particular machine. Here is how to permit PowerShell script execution:
Step 1: Check the current Execution Policy
Open the PowerShell Console by selecting “Run as Administrator” (Or Right-click the Start menu and choose “Windows PowerShell (Admin)” from the context menu) and get the execution Policy with the command:
This will get the current script execution policy applied, such as “Restricted”.
Step 2: Set the Execution Policy
Set the execution Policy with the following command:
You’ll see a security risk warning. Type “Y” or “A” when prompted to proceed. That’s all! This should solve the issue.
You can also use Set-ExecutionPolicy Unrestricted to remove all restrictions on your security policy (However, the RemoteSigned execution policy is ideal among different modes!). Once you have changed the execution policy, you should be able to run scripts without encountering the “running scripts is disabled on this system” error.
The RemoteSigned policy requires a trusted publisher to sign scripts and configuration files from the internet. Any unsigned scripts downloaded will be blocked, but the execution of scripts created locally is permitted without any digital signature.
Behind the scenes, it sets the registry key: HKLM\Software\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell. You can also make the policy change through the Registry Editor to set the execution policy (Open Registry Editor from the search box on the taskbar >> Navigate to the below path and update the value data of “ExecutionPolicy”).
The policy parameter takes the below values:
- Restricted – No scripting allowed
- Unrestricted – You can run any script, No signing is required.
- RemoteSigned – Good for Test and dev environments. Only files from the internet need to be signed. Otherwise, you’ll see .ps1 is not digitally signed error. This is the default policy setting on servers. More secure option compared with unrestricted.
- AllSigned – local or remote script – A trusted publisher should sign it; only digitally signed PowerShell scripts are allowed.
What if you can’t set the Execution Policy by running PowerShell as Administrator?
To set the execution policy for the current user scope, use the following:
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser
The default scope is “LocalMachine”, which sets the policy for all users of the current machine. You can get the execution policy for all scopes using:
Bypass ExecutionPolicy Temporarily for a Session
How to bypass the PowerShell execution policy? To bypass the execution policy just for a one-time session, in the command prompt, type:
PowerShell -ExecutionPolicy Bypass
Once you close the PowerShell window, the current PowerShell session ends, and the Bypass is also closed with it. This allows you to run a PowerShell script file temporarily while keeping the ExecutionPolicy settings for all other PowerShell sessions. You can also unblock the file from its properties or copy-paste the script contents into the PowerShell console to bypass the execution policy.
How about bypassing the execution policy and running the script in PowerShell ISE?
You can bypass the execution policy by selecting a block of the script and then hitting F8 (Run Selection).
Use Group Policy Object to Set Execution Policy for Multiple Computers
If you want to change the execution policy on multiple computers, you can use Group Policy in your Domain controller. Here is how to enable running scripts is disabled on this system:
- Open the Group Policy Editor.
- Under “Local Computer Policy” navigate to Computer Configuration >> Administrative Templates >> Windows Components >> Windows PowerShell
- Enable the “Turn on Script Execution” policy, Then select the desired execution policy from the drop-down list, such as “Allow local scripts and remote signed scripts”, which is equivalent to the “RemoteSigned” property we set using Set-ExecutionPolicy command.
Here is the Microsoft reference: Configure execution policies
The “running scripts is disabled on this system” error in PowerShell can be frustrating, but it is easily fixed by changing the execution policy. By understanding execution policies and following the steps outlined in this article, you can enable script execution and take advantage of PowerShell’s powerful automation capabilities.