Set-ExecutionPolicy RemoteSigned is a PowerShell cmdlet that sets the script execution policy to allow local scripts and signed remote scripts to run, blocking unsigned internet-downloaded scripts by default.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUserSyntax
Set-ExecutionPolicy
[-ExecutionPolicy] <ExecutionPolicy>
[[-Scope] <ExecutionPolicyScope>]
[-Force]
[-WhatIf]
[-Confirm]
[<CommonParameters>]Parameters
| Parameter | Type | Default | Description |
|---|---|---|---|
-ExecutionPolicy |
ExecutionPolicy | Required | Specifies the policy: Restricted, RemoteSigned, AllSigned, Unrestricted, Bypass, or Default. |
-Scope |
ExecutionPolicyScope | LocalMachine | Defines scope: Process, CurrentUser, LocalMachine, MachinePolicy, UserPolicy. |
-Force |
SwitchParameter | False | Suppresses confirmation prompts; applies policy without user interaction. |
-WhatIf |
SwitchParameter | False | Shows what would happen if the cmdlet runs without actually applying the change. |
-Confirm |
SwitchParameter | False | Prompts for confirmation before executing the cmdlet. |
Usage Examples
Example 1: Set RemoteSigned for the current user
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUserSets the policy only for the current user account. The change is persistent and requires no administrator privileges. Local scripts and signed remote scripts can run; unsigned internet scripts are blocked.
Example 2: Set RemoteSigned for all users (local machine)
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope LocalMachineApplies the policy to all users on the machine. Requires administrative rights (Run as Administrator). This is the most common configuration for standalone workstations.
Example 3: Temporarily set RemoteSigned for the current session only
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -ForceChanges the policy only for the current PowerShell process. No persistence. Useful for ephemeral tasks like running a deployment script from an automated pipeline without altering system settings.
Example 4: Unblock a script instead of changing policy
Unblock-File -Path ".Script.ps1"If you only need to run one unsigned script from the internet, use Unblock-File to remove the Zone.Identifier alternate data stream. This does not change the execution policy and preserves the RemoteSigned restriction for other scripts.
Example 5: Verify current effective policy
Get-ExecutionPolicy -ListDisplays the execution policy for all scopes (MachinePolicy, UserPolicy, Process, CurrentUser, LocalMachine). The most restrictive (often Group Policy) takes precedence. Use this to confirm that your Set-ExecutionPolicy change is effective.
Example 6: Remove the execution policy for the current user
Set-ExecutionPolicy -ExecutionPolicy Undefined -Scope CurrentUserSets the policy to Undefined, which effectively removes the setting for that scope. The system will fall back to the next higher scope (e.g., LocalMachine default).
Troubleshooting & Common Errors
| Error Message | Root Cause | Resolution Command |
|---|---|---|
Set-ExecutionPolicy : Access to the registry key is denied. |
Insufficient permissions; run as Administrator for LocalMachine scope | Start-Process powershell -Verb RunAs then re-run command |
Set-ExecutionPolicy : Operation is not supported on this platform. |
Running on Linux or macOS; execution policy is Windows-only | Use chmod +x script.ps1 on Linux; rely on file permissions |
UnauthorizedAccess: Access denied (registry key) |
Group Policy enforces a higher-priority scope | Get-ExecutionPolicy -List to see effective policy; cannot override Group Policy without domain admin |
File cannot be loaded because the execution of scripts is disabled |
Effective policy is Restricted; script blocked | Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy RemoteSigned |
Description
Set-ExecutionPolicy modifies the PowerShell execution policy for the specified scope. The RemoteSigned policy allows locally authored scripts (not signed) and scripts from the internet that are digitally signed to run. Scripts downloaded from the internet that are not signed are blocked unless the script file is first unblocked (e.g., via Unblock-File). This is the recommended minimum policy for development environments because it balances security with usability.
Tested on Windows Server 2022 and Windows 11 23H2 with PowerShell 7.6-preview. On Linux/macOS, this cmdlet returns: “Operation is not supported on this platform.”
Cross-Platform Note
PowerShell execution policies are Windows-only. On Linux and macOS (PowerShell Core), Set-ExecutionPolicy returns NotSupported. Use OS-level executable bits (e.g., chmod +x) to control script execution. Cloud services like AWS Systems Manager or Azure VM extensions rely on OS permissions, not PowerShell execution policies.
Frequently Asked Questions
What is the difference between RemoteSigned and AllSigned execution policies?
Answer: RemoteSigned allows locally created scripts; requires digital signature for remote scripts.
RemoteSigned is the default on Windows Server (for local scripts). AllSigned enforces stricter security, blocking any unsigned script even from the local machine. To check current policy, use
Get-ExecutionPolicyor list all scopes with
Get-ExecutionPolicy -List.
When should I use the -Scope CurrentUser flag with Set-ExecutionPolicy?
Answer: Use -Scope CurrentUser when you lack admin rights or want to restrict policy changes to the current user only, avoiding elevation requirement.
Without this flag, Set-ExecutionPolicy defaults to -Scope LocalMachine (requires Administrator). The command
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUsermodifies HKEY_CURRENT_USER, taking effect immediately without admin prompt.
How do I fix ‘Set-ExecutionPolicy : Access to the registry key is denied’ error?
Answer: Run PowerShell as Administrator, or specify -Scope CurrentUser to avoid registry key modification under HKLM.
The error occurs when trying to modify HKLM:SOFTWAREMicrosoftPowerShell1ShellIdsMicrosoft.PowerShell without elevation. For admin-less fix:
Set-ExecutionPolicy RemoteSigned -Scope CurrentUser -ForceFor one-time elevation:
Start-Process powershell -Verb RunAs -ArgumentList '-NoExit -Command "Set-ExecutionPolicy RemoteSigned -Scope LocalMachine"'Does Set-ExecutionPolicy RemoteSigned work on PowerShell Core (Linux/macOS)?
Answer: No, Set-ExecutionPolicy is a Windows-only cmdlet. On Linux/macOS, it throws a NotSupported exception. Use OS-level permissions (e.g., chmod +x) to control script execution on those platforms.
What is the fastest way to set ExecutionPolicy RemoteSigned without administrative privileges?
Answer: Use the command: Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser -Force.
One-liner:
Set-ExecutionPolicy RemoteSigned -Scope CurrentUser -ForceTo verify:
Get-ExecutionPolicyThis is the fastest non-admin method, ideal for CI/CD pipelines or restricted environments.
Command Line Expert & Software Engineer
Welcome! I’m Thomas Heinrich, a software engineer and system administrator with a deep passion for the Command Line Interface (CLI). With years of experience navigating the terminal, building backend architectures, and automating server deployments, I created this space to share practical, real-world terminal knowledge.
Whether you are a beginner taking your first steps in a Linux environment or a seasoned DevOps engineer looking to optimize your deployment scripts, you will find actionable solutions here. My goal is to help you ditch the mouse, speed up your workflow, and harness the full power of the command line.