set execution policy bypass is the PowerShell operation to configure script execution without restrictions via the Set-ExecutionPolicy cmdlet with the Bypass policy, applicable per session or persistently through registry scopes.
powershell.exe -ExecutionPolicy Bypass -File "C:Deploysetup.ps1"What is set execution policy bypass and when to use it?
Execution policy is a PowerShell security control that determines whether scripts are allowed to run. The default policy on Windows is Restricted, blocking all scripts. Bypass removes all restrictions—scripts run without any signature check or warning. This is commonly used in automated DevOps pipelines, system provisioning scripts (choco install, teams), or when running unsigned internal tools. The alternative RemoteSigned requires signatures from remote sources; AllSigned requires signatures on all scripts. Unlike Unrestricted, Bypass does not prompt for consent. On Linux/macOS, the default is Unrestricted and cannot be changed via Set-ExecutionPolicy; the cmdlet exists but returns a message that it is unsupported.
Tested on Windows 11 22H2 with PowerShell 7.4.2 and Windows PowerShell 5.1.
Syntax
# Permanent bypass (per scope)
Set-ExecutionPolicy [-ExecutionPolicy] <ExecutionPolicy> [[-Scope] <ExecutionPolicyScope>] [-Force] [-Confirm] [-WhatIf] [<CommonParameters>]
# Temporary bypass (per session)
powershell.exe -ExecutionPolicy Bypass -File "<ScriptPath>"Accepted ExecutionPolicy values: Bypass, Unrestricted, RemoteSigned, AllSigned, Restricted, Default, Undefined.
Accepted Scope values: LocalMachine (default), CurrentUser, Process, MachinePolicy (GPO), UserPolicy (GPO).
Options and Flags
| Flag | Type | Default | Description |
|---|---|---|---|
-ExecutionPolicy (-ep) |
Mandatory (positional 0) | N/A | Specifies the policy value: e.g., Bypass, RemoteSigned. |
-Scope |
Optional | LocalMachine |
Defines the configuration layer. Process affects only the current session; LocalMachine persists in the registry for all users. |
-Force |
Switch | $false |
Suppresses confirmation prompts and overrides read-only policies where possible. |
-Confirm |
Switch | $false |
Prompts for confirmation before applying the change. |
-WhatIf |
Switch | $false |
Shows what would happen without actually making the change. |
Usage Examples
Example 1: Run a single script without permanent changes
powershell.exe -ExecutionPolicy Bypass -File "C:Deploysetup.ps1"This launches a new PowerShell process that bypasses the execution policy for the duration of that script only. The system-wide policy remains unchanged. Ideal for one-off automations during CI/CD or remote execution.
Example 2: Persistent bypass for the current user only
Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope CurrentUser -ForceWrites the Bypass policy to HKEY_CURRENT_USERSoftwareMicrosoftPowerShell1ShellIdsMicrosoft.PowerShell. Other users on the machine retain their existing policies. This is the recommended scope for development workstations.
Example 3: Remove the execution policy (revert to inherited or Restricted)
Set-ExecutionPolicy -ExecutionPolicy Undefined -Scope CurrentUserSets the policy to Undefined for the current user. The effective policy then falls back to the next applicable scope (e.g., LocalMachine or Group Policy). Useful for cleanup after temporary bypass.
Troubleshooting & Common Errors
| Error Message | Root Cause | Resolution Command |
|---|---|---|
Access to the registry key 'HKEY_LOCAL_MACHINE...' is denied. |
Lack of administrator privileges when targeting LocalMachine scope. |
Run PowerShell as Administrator or use -Scope CurrentUser. |
Set-ExecutionPolicy: Cannot set execution policy because it is controlled by a Group Policy. |
Domain/GPO enforcement overrides local policy. | Check GPO settings via Get-ExecutionPolicy -List; GPO scopes MachinePolicy or UserPolicy take precedence. |
The parameter is incorrect. |
Invalid ExecutionPolicy value or Scope name. |
Verify values: Bypass, RemoteSigned, CurrentUser, etc. |
set execution policy bypass — Performance Considerations and Tuning
The -ExecutionPolicy Bypass flag eliminates the per‑script policy lookup and signature validation overhead. By default, PowerShell evaluates the effective policy for each script invocation, which adds 10–20 ms of latency on Windows due to registry and Group Policy queries. Using Bypass (or -ep Bypass) skips this check entirely, reducing startup time in automation loops.
- Scope tuning: Use
-Scope ProcesswithSet-ExecutionPolicy Bypassto avoid writing to the registry (HKEY_LOCAL_MACHINE or HKEY_LOCAL_USER), which improves performance when changing policies frequently in scripts. - Group Policy refresh interval: By default, policy is re‑evaluated every 90–120 minutes. For latency‑sensitive workloads, disable Group Policy processing of PowerShell execution policies via
gpupdate /target:computer /forceor set theMachinePolicyandUserPolicyscopes toUndefined. - Bypass at invocation: Prefer
powershell -ExecutionPolicy Bypass -File script.ps1over callingSet-ExecutionPolicyrepeatedly, as no persistent registry write occurs. - Timeouts: When Bypass is used with remote sessions, ensure the
$PSSessionOption.OperationTimeoutis at least 30 seconds to accommodate policy propagation delays in domain environments.
# Measure the performance gain from bypassing policy checks
Measure-Command { powershell -ExecutionPolicy Bypass -Command "Get-Process" }
Measure-Command { powershell -Command "Get-Process" } # default policy evaluationRefer to Microsoft’s about_Execution_Policies and Set-ExecutionPolicy documentation for official knobs. The default effective policy is Restricted if all scopes are Undefined (Windows). On non‑Windows systems (PowerShell 6+), policy is Unrestricted and cannot be changed; Bypass is therefore unnecessary.
Frequently Asked Questions
What is the difference between -Scope Process vs -Scope CurrentUser with Set-ExecutionPolicy Bypass?
Answer: -Scope Process sets Bypass only for the current PowerShell session; -Scope CurrentUser persists to the user’s registry, surviving reboots.
Temporary bypass for one-off scripts:
Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope ProcessFor persistent per-user bypass:
Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope CurrentUserScope Process is safer for automation jobs that must not leave a permanent policy change.
When should I use the -ExecutionPolicy Bypass with -Scope LocalMachine?
Answer: Use for system-wide script execution in automated deployments or CI/CD agents that require unrestricted execution for all users.
Admin elevation required:
Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope LocalMachineRisk: any unsigned or remote script runs with full trust. Prefer -Scope Process for temporary needs, or -Scope CurrentUser for user-level only.
How do I fix error ‘Access to the registry key is denied’ when setting ExecutionPolicy Bypass?
Answer: Elevate PowerShell to Administrator (Run as Admin).
Launch admin shell:
Start-Process powershell -Verb RunAsThen run:
Set-ExecutionPolicy Bypass -Scope LocalMachineAlternatively, without admin rights:
Set-ExecutionPolicy Bypass -Scope CurrentUserCheck GPO enforcement with Get-ExecutionPolicy -List.
Does Set-ExecutionPolicy Bypass work on Linux (PowerShell Core) or macOS?
Answer: Yes, on PowerShell 7+ for Linux and macOS.
On Linux:
pwsh -Command "Set-ExecutionPolicy Bypass -Scope CurrentUser"On non-Windows, execution policy is less strict, but Bypass still fully disables checks. Use only when running scripts from untrusted sources that require explicit override.
What is the fastest way to run a single remote script with ExecutionPolicy Bypass via PowerShell?
Answer: Use inline -ExecutionPolicy Bypass with -Command or -File: powershell -ExecutionPolicy Bypass -Command “Invoke-Expression (iwr -Uri URL)”.
For one-liner download & execute:
powershell -ExecutionPolicy Bypass -Command "Invoke-Expression (Invoke-WebRequest -Uri https://example.com/script.ps1)"Or use -File with a saved script:
powershell -ExecutionPolicy Bypass -File script.ps1This avoids persistent policy changes; combine with -Scope Process for zero footprint.
Command Line Expert & Software Engineer
Welcome! I’m Thomas Heinrich, a software engineer and system administrator with a deep passion for the Command Line Interface (CLI). With years of experience navigating the terminal, building backend architectures, and automating server deployments, I created this space to share practical, real-world terminal knowledge.
Whether you are a beginner taking your first steps in a Linux environment or a seasoned DevOps engineer looking to optimize your deployment scripts, you will find actionable solutions here. My goal is to help you ditch the mouse, speed up your workflow, and harness the full power of the command line.