When you try to run a PowerShell script that has not been signed by a trusted publisher, you may get the following security error:
"script.ps1 :File path\script.ps1 cannot be loaded. The file path\script.ps1 is not digitally signed. You cannot run this script on the current system."
This security error can occur when the PowerShell's execution policy is set to Allsigned or Remotesigned and the script isn't signed.
Allsigned execution policy allows execution of all Powershell scripts that are signed. Before executing the script you will be prompted to confirm that you trust the publisher that has signed the script.
Remote execution policy restricts the execution of downloaded scripts that are unsigned. Scripts that are executed from the local computer doesn't have to be signed.
Solution
There are different methods to overcome this error. You may choose to either sign the PowerShell script, change the execution policy, bypass the policy or unblock the file so that it can run once on that session.
Check Execution Policy
First of all check your execution policy using the cmdlet Get-ExecutionPolicy
PS C:\> Get-ExecutionPolicy AllSigned
The list parameter in Get-ExecutionPolicy cmdlet tells you the execution policy for each scope.
PS C:\> Get-ExecutionPolicy -list
Scope ExecutionPolicy
----- ---------------
MachinePolicy Undefined
UserPolicy Undefined
Process Undefined
CurrentUser Undefined
LocalMachine RemoteSigned
The default execution policy for all windows version except for Windows 2012 R2 is Restricted. The default execution policy in Windows 2012 R2 is RemoteSigned.
The default execution policy for all scopes in Windows 11 is Undefined which means no execution policy set. This effectively means "Restricted"
Scope ExecutionPolicy
----- ---------------
MachinePolicy Undefined
UserPolicy Undefined
Process Undefined
CurrentUser Undefined
LocalMachine Undefined
Changing Execution Policy Permanently
The easiest but unsecure method of getting rid of this error message is to change the ExecutionPolicy using the SetExecutionPolicy cmdlet. The following command sets the execution policy to unrestricted.
PS C:\> Set-ExecutionPolicy unrestricted
Press Y to confirm the change when prompted. The policy change is updated in the registry and will remain until you change it again.
Changing Execution Policy Temporarily
Instead of changing the execution policy permanently you could set a different policy for a single PowerShell session. This is done using the ExecutionPolicy parameter of powershell.exe
Open a command prompt or PowerShell and run the command:
C:\> powershell.exe -executionpolicy -bypass
The above command opens a PowerShell session with execution policy for that session set to Bypass which means nothing is blocked.
Unblocking a File that was downloaded
When the execution policy is RemoteSigned, the files that are downloaded from the internet (or from emails) are blocked to protect your running unsafe scripts. If you trust the contents of the script are safe, then you can unblock it to run on your session using the Unblock-File cmdlet
PS C:\> Unblock-File -Path C:\Downloads\script1.ps1
Once you have changed the Execution policy permanently or temporarily for a session or a particular script you can continue to run the script but before you do that make sure the contents of the script does not harm your computer.
Change execution policy on Windows 11
On Windows 11 computers you can change the execution policy from Windows settings also.
Open Settings → Privacy & Security → For developers
Scroll down to the section PowerShell and click Apply. This will change the execution policy for the scope "CurrentUser" to "RemoteSigned". This change will allow local PowerShell scripts to run without signing.
