Virtual Geek

Tales from real IT system administrators world and non-production environment

Different ways to bypass PowerShell execution policy: .ps1 cannot be loaded because running scripts is disabled

August 19, 2017 03:12PM

By default, PowerShell script files (.ps1 extension) are restricted from executing on Windows systems (on Windows 2016 the default is RemoteSigned). Generally, whenever you run a ps1 file you will see the error below on the PowerShell console. This is not an authentication issue; no one can execute ps1 files, not even an administrator. To run a script you first need to make a change on the OS, even if the ps1 script file contains a single line. For this article I will use the basic program line "Hello world!".

PS C:\> .\Script.ps1
.\Script.ps1 : File C:\Script.ps1 cannot be loaded because running scripts is disabled on this system. For more information, see about_Execution_Policies at
At line:1 char:1
+ .\Script.ps1
+ ~~~~~~~~~~~~
    + CategoryInfo          : SecurityError: (:) [], PSSecurityException
    + FullyQualifiedErrorId : UnauthorizedAccess


The PowerShell script file extension is ps1. To execute a script, change the prompt with the CD command to the folder where the script is stored and run it with a leading dot, as in .\Script.ps1, or give the complete path. It will fail by default.


The execution policy helps protect you from scripts that you do not trust. Changing the execution policy might expose you to the security risks described in the about_Execution_Policies help topic. The following policies exist.

Policy: Description
AllSigned: All ps1 files must be digitally signed. If remote, signed, and executed, Windows PowerShell prompts the user to determine if files from the signing publisher should be run.
Bypass: No files must be signed, and internet origin is not verified.
Default: The most restrictive policy available. Restricted
RemoteSigned: All ps1 files originating from the internet must be digitally signed. If remote, signed, and executed, Windows PowerShell prompts the user to determine if files from the signing publisher should be run. Allows local scripts and remote signed scripts.
Restricted: All ps1 files are blocked. Windows PowerShell prompts the user if the user hasn't decided whether to trust the publisher yet.


To view the current execution policy, run Get-ExecutionPolicy. By default the result will be Restricted if no previous changes have been made. After changing the policy with Set-ExecutionPolicy Unrestricted, press Enter twice to accept Yes. Choose the policy appropriate to your environment's hardening policy; Unrestricted is not recommended. With the policy changed, the script executes successfully.


Set-ExecutionPolicy : Access to the registry key
'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell' is denied. To change the execution policy for the default (LocalMachine) scope, start Windows PowerShell with the "Run as administrator" option. To change the execution policy for the current user, run "Set-ExecutionPolicy -Scope CurrentUser".
At line:1 char:1
+ Set-ExecutionPolicy Unrestricted
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (:) [Set-ExecutionPolicy], UnauthorizedAccessException
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.SetExecutionPolicyCommand

Running the Set-ExecutionPolicy Unrestricted cmdlet requires administrator rights. If admin rights (Run as Administrator) are not present, it shows the access denied error above. Non-administrators can still get past this error with the command Set-ExecutionPolicy -Scope CurrentUser Unrestricted. It works without admin rights, and the change applies to the currently logged-in user only.


In the background, this modifies the registry value data of HKEY_CURRENT_USER\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell\ExecutionPolicy. This does not require administrator rights, but editing the LocalMachine scope (HKEY_LOCAL_MACHINE) does.
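For anyone auditing a host, the following added example (not code from the original article) lists every execution-policy scope, marks the one that is actually in effect, and reads the two registry values named above. The function names are hypothetical; the scope order is PowerShell's documented precedence, in which the Group Policy scopes override anything set with Set-ExecutionPolicy.

```powershell
# Added example: which scope decides the effective execution policy on this host?
# Documented precedence, highest first. MachinePolicy/UserPolicy come from Group Policy.
$precedence = 'MachinePolicy', 'UserPolicy', 'Process', 'CurrentUser', 'LocalMachine'

function Get-ExecutionPolicyAudit {          # hypothetical helper name
    $byScope = @{}
    foreach ($entry in Get-ExecutionPolicy -List) {
        $byScope["$($entry.Scope)"] = "$($entry.ExecutionPolicy)"
    }
    # The first scope that is not 'Undefined' wins.
    $winner = $precedence | Where-Object { $byScope[$_] -ne 'Undefined' } |
        Select-Object -First 1

    foreach ($scope in $precedence) {
        [pscustomobject]@{
            Scope        = $scope
            Policy       = $byScope[$scope]
            Effective    = ($scope -eq $winner)
            # CurrentUser and Process can be set without administrator rights.
            UserWritable = ($scope -in 'CurrentUser', 'Process')
        }
    }
}

function Get-ExecutionPolicyRegistryValue {  # hypothetical helper name
    # The HKCU and HKLM locations named in the article.
    $sub = 'SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell'
    foreach ($hive in 'HKCU', 'HKLM') {
        $item = Get-ItemProperty -Path "${hive}:\$sub" -Name ExecutionPolicy `
            -ErrorAction SilentlyContinue
        [pscustomobject]@{ Key = "${hive}:\$sub"; ExecutionPolicy = $item.ExecutionPolicy }
    }
}

$audit = Get-ExecutionPolicyAudit
$audit | Format-Table -AutoSize
Get-ExecutionPolicyRegistryValue | Format-Table -AutoSize

$effective = $audit | Where-Object { $_.Effective }
if (-not $effective) {
    Write-Output 'All scopes are Undefined: the platform default applies.'
} elseif ($effective.UserWritable) {
    Write-Warning ("Effective policy '{0}' comes from the {1} scope, which a " +
        'non-administrator can change.' -f $effective.Policy, $effective.Scope)
} else {
    Write-Output "Effective policy '$($effective.Policy)' is set at $($effective.Scope)."
}
```

When the effective row is MachinePolicy or UserPolicy, a Set-ExecutionPolicy -Scope CurrentUser change is stored in the registry but does not become the effective policy.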


This is another way I use a lot to run ps1 scripts in completely restricted environments. I can do the same from cmd (command prompt) as well.

1) Once PowerShell is launched, the execution policy is Restricted by default and the script can't be run.
2 & 3) Using Powershell -executionpolicy unrestricted, I have lifted the restrictions, and I am in nested PowerShell mode (PowerShell inside PowerShell).
4) I verified that I can run the script.
5) The nested PowerShell is exited using the command Exit.
6 & 7) If you don't want a nested console and want to run the file directly, you can run the one-liner Powershell -executionpolicy unrestricted -file 'c:\script.ps1'. It will provide the result and close the unrestricted PowerShell session.
8) PowerShell is still in restricted execution mode.
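Because the per-session override in steps 2 to 7 is passed on the command line, it is visible in process-creation logging. The following added example (not code from the original article) shows detection logic for it; the function name is hypothetical and the sample command lines are constructed, not taken from a real log.

```powershell
# Added example: flag PowerShell command lines that override the execution policy.
# Constructed sample lines standing in for process-creation log records.
$sample = @(
    'powershell.exe -ExecutionPolicy Unrestricted -File c:\script.ps1'
    'powershell.exe -NoProfile -File c:\script.ps1'
    'PowerShell -executionpolicy unrestricted'
    'powershell.exe -ex RemoteSigned -File c:\script.ps1'
    'cmd.exe /c echo -ExecutionPolicy Unrestricted'
)

function Find-ExecutionPolicyOverride {      # hypothetical helper name
    param([Parameter(Mandatory)][string[]]$CommandLine)

    # Parameter name followed by its value; the host accepts - or / as the prefix.
    $pattern = [regex]'(?i)\s[-/](?<name>ex[a-z]*|ep)\s+["'']?(?<value>[a-z]+)'

    foreach ($line in $CommandLine) {
        # Only consider lines that launch a PowerShell host.
        if ($line -notmatch '(?:^|[\\\s"])(?:powershell|pwsh)(?:\.exe)?["\s]') { continue }

        foreach ($m in $pattern.Matches($line)) {
            $name = $m.Groups['name'].Value.ToLower()
            # PowerShell accepts abbreviated parameter names, so match any
            # prefix of 'executionpolicy' as well as the short form 'ep'.
            if ($name -ne 'ep' -and -not 'executionpolicy'.StartsWith($name)) { continue }

            $value = $m.Groups['value'].Value
            [pscustomobject]@{
                # Policies that remove all script restrictions rank highest.
                Severity    = if ($value -match '^(unrestricted|bypass)$') { 'High' } else { 'Info' }
                Policy      = $value
                CommandLine = $line
            }
        }
    }
}

# Expect three findings: two High (Unrestricted) and one Info (RemoteSigned).
Find-ExecutionPolicyOverride -CommandLine $sample | Format-Table -AutoSize -Wrap
```

Code that is pasted into the console or piped to Invoke-Expression carries no such parameter, so it does not show up in this check; PowerShell script block logging records that activity instead.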


This is another of the best ways and has no special requirements. Copy the content of the ps1 file and paste it directly into PowerShell, or paste the code into function script { code here }. Using a function gives you more control: you can run it whenever you want without copying and pasting again, simply by running the function's name. It can also be stored in PowerShell profiles if you run the same script file frequently.

I found the way below to be the best way to bypass the PowerShell execution policy, though used infrequently, and there is no need to open the file in Notepad: run cat c:\script.ps1 | Invoke-Expression. The Invoke-Expression cmdlet evaluates or runs a specified string as a command and returns the results of the expression or command. Without Invoke-Expression, a string submitted at the command line would be returned (echoed) unchanged.

The last way in this article: copy and paste the ps1 file's commands inside curly braces {} and use the & operator (also alias to Invoke-Expression/iex) to run it.
