Have you ever tried running a PowerShell script only to be greeted by the error “Running scripts is disabled on this system”? This frustrating message appears due to PowerShell’s default security settings.
In this post, I’ll explain what causes that error, walk you through how to fix it, and share some best practices around enabling PowerShell scripting securely. Let’s dive in!
What is the “Running scripts is disabled on this system” Error?
This error occurs because PowerShell’s execution policy is set to Restricted by default.
The execution policy controls what kinds of PowerShell code can be run on your system. The Restricted policy blocks all scripts from executing to prevent potentially malicious code from damaging your device.
So if you attempt to run a .ps1 script file, PowerShell will refuse and show the “running scripts disabled” error to alert you that scripts cannot run with the current policy.
Understanding PowerShell Execution Policies
PowerShell actually has several execution policies that offer varying levels of code restrictions:
- Restricted – No scripts can run. Only individual PowerShell commands work.
- AllSigned – Only scripts signed by trusted publishers can run. Unsigned scripts are blocked.
- RemoteSigned – Downloaded scripts must be signed by trusted publishers. Locally created scripts will run.
- Unrestricted – All scripts will run, regardless of origin or signature. Very little protection.
By default, Restricted blocks all scripts to maximize safety at the expense of script functionality.
Why You See the “Running scripts disabled” Error
The Restricted policy aims to prevent untrusted, potentially malicious scripts from damaging your system. But it’s so strict that even your own harmless scripts trigger that error.
To get your scripts running, you need to relax the policy so PowerShell knows it can safely run the code you wrote.
How to Change the Execution Policy to Fix the Error
Here are the steps to update your execution policy and resolve the error:
- Open PowerShell as administrator by searching “PowerShell”, right-clicking the app, and selecting run as administrator.
- Check your current policy by running:
Get-ExecutionPolicy
3. Change the policy using:
Set-ExecutionPolicy RemoteSigned
4. Confirm the change by typing A or Y when prompted.
5. Verify the new policy is applied by running Get-ExecutionPolicy again.
6. Close and restart PowerShell for changes to fully take effect.
Choosing the Right Execution Policy for You
When deciding which execution policy to use, consider your security needs and how you use PowerShell scripts:
- If you never run scripts, Restricted is the safest option.
- If you only use trusted, signed scripts, AllSigned prevents running untrusted code.
- For a balance of security and flexibility, RemoteSigned is a good choice for many users.
RemoteSigned – The Balanced Policy
The RemoteSigned policy blocks scripts downloaded from the internet while allowing you to run your own scripts that aren’t signed.
This protects you from online threats while permitting local script creation and testing. For these reasons, it’s a popular choice for enabling PowerShell automation securely.
Verifying the Updated Execution Policy
After setting your new execution policy, it’s important to verify that the change was applied correctly.
Run Get-ExecutionPolicy again after closing and reopening PowerShell – it should now return RemoteSigned instead of Restricted.
Restart PowerShell to Apply the New Policy
For your new execution policy to fully take effect, you must close and restart the PowerShell console.
Quickly reopen PowerShell by searching for it and selecting the app again. Now scripts should run without the “disabled” error.
Important Security Considerations
Relaxing the execution policy does lower PowerShell’s security standards. Be very cautious about which policy you choose:
- Avoid Unrestricted, as it removes all protections and exposes your system to scripts from any source.
- AllSigned is safer for running trusted, signed scripts from the internet.
- RemoteSigned strikes a good balance for many users running local scripts.
Allowing Local Scripts but Restricting Internet-Based Ones
The main advantage of the RemoteSigned policy is it permits you to create and run your own PowerShell scripts on the local machine.
But it blocks unsigned scripts downloaded from the internet, protecting you from potentially malicious online code.
Don’t Completely Disable Security Restrictions
Setting your execution policy to Unrestricted disables all script protections to allow running anything. This is extremely risky and poses major security issues.
Avoid Unrestricted unless you have an absolutely critical need and understand the dangers. Even advanced users should opt for AllSigned or RemoteSigned when possible.
Conclusion
The “running scripts disabled” PowerShell error occurs due to the default Restricted execution policy blocking all scripts.
Change to a less restrictive policy like RemoteSigned using the Set-ExecutionPolicy cmdlet. Verify with Get-ExecutionPolicy and restart PowerShell.
Be cautious when relaxing restrictions, and avoid Unrestricted. With this error fixed, you can write and run PowerShell scripts to automate tasks securely.