The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,994 other followers

Enabling powershell to run unsigned scripts for the current user only (via: Absoblogginlutely!)

Posted by jpluimers on 2012/03/21

More than a year ago, I wrote about enabling PowerShell to run unsigned scripts, and a way to circumvent the “cannot be loaded because the execution of scripts is disabled on this system” error.

The solution  there uses the Set-ExecutionPolicy cmdlet, but only works for administrators. As of PowerShell 2.0, there is more fine grained control for the Set-ExecutionPolicy cmdlet, and an updated Set-ExecutionPolicy cmdlet topic which I overlooked.

The solution below shows what happens when the current user is not an administrator, and works around it by applying it only for the current user.

error message:

Set-ExecutionPolicy : Access to the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell' is denied.

Sure enough I don’t have permission to this registry key.

I checked with our admin to ensure this wasn’t set in group policy before I started fiddling around. Found out that there is another setting that is user specific that can be set with

Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy RemoteSigned

This will allow the current user to run unsigned scripts he wrote himself, but still require remote (for instance downloaded) scripts to be signed.

Note it is easy to strip the “remote” flag of a downloaded script: NTFS keeps this flag in the Zone:Identifier NTFS alternate data stream.
Only do that for scripts you trust.


via: Absoblogginlutely! » Enabling powershell to run scripts with registry permissions..

4 Responses to “Enabling powershell to run unsigned scripts for the current user only (via: Absoblogginlutely!)”

  1. […] Enabling powershell to run unsigned scripts for the current user only (via: Absoblogginlutely!). […]

  2. […] took me a while to google an answer to this, but what helped me was this great post by Jeroen W. […]

  3. Great! This also happens to be the way to get Powershell scripts to run on a Windows RT device like my ARM based Surface :)

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: