4

Since the 20H2 build of Windows 10 came out, if I want to run a script without copying and pasting it into a PowerShell window, I have to write the following command:

Set-ExecutionPolicy -ExecutionPolicy ByPass -Scope Process -Force

I don't want to turn off the default behavior, since it prevents scripts from being run by accident or maliciously.

But I'd also like to be able to just open a PowerShell window as my administrator account, and execute .\somescript.ps1 so that it runs.

Is it secure to place the line above in my powershell profile so I don't have to manually run it every time I open Powershell as my Admin account, provided I still have UAC turned on (a.k.a. still have to type my password when opening a Powershell as Admin)?

Improve this question
1
  • That does not answer your question, but Microsoft recommends the following command instead: Set-ExecutionPolicy RemoteSigned
    – A. Hersean
    Commented Jun 17, 2021 at 16:19

1 Answer 1

Reset to default
2

With Set-ExecutionPolicy -ExecutionPolicy ByPass -Scope Process you simply temporarily bypass the default setting in the scope of current process. You can see the default policies from about_Execution_Policies: Restricted prevents execution of all scripts whereas AllSigned and RemoteSigned required the scripts to be signed by a trusted publisher, respectively.

To avoid running this command every time, still preventing all scripts from running freely, you could change your global policy to allow running signed scripts.

Set-ExecutionPolicy -ExecutionPolicy AllSigned -Scope LocalMachine

After that you could create a code signing certificate and sign your trusted PowerShell scripts with it.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .