Sometimes I see customers who, for simplicity, set the PowerShell execution policy to Unrestricted. I often wonder why; the usual reply is that it just doesn't work otherwise. Well, I say it's time to reconsider. PowerShell allows for a much more granular solution using scopes. Did you know that there are 5 different scopes for the execution policy?
Scope |
---|
Process |
CurrentUser |
LocalMachine |
UserPolicy |
MachinePolicy |
So armed with this knowledge, we can allow the current process to run as Unrestricted while maintaining a rather secure machine around it. But if there are several scopes to choose from, what different execution policies are there? Well, there are 7, kind of.
Execution Policy | Description |
---|---|
Unrestricted | No restrictions; all Windows PowerShell scripts can be run. |
RemoteSigned | Downloaded scripts must be signed by a trusted publisher before they can be run. |
AllSigned | Only scripts signed by a trusted publisher can be run. |
Restricted | No scripts can be run. Windows PowerShell can be used only in interactive mode. |
Default | Return execution policy to normal. (Restricted) |
Bypass | Nothing is blocked and there are no warnings or prompts. |
Undefined | Removes the currently assigned execution policy from the current scope. This parameter will not remove an execution policy that is set in a Group Policy scope. |
So if you need to run PowerShell scripts as Unrestricted, why change the entire machine? You can change it for the current user only:
Set-ExecutionPolicy -Scope:CurrentUser -ExecutionPolicy:Unrestricted
So now we know that we can do it just for the user.
Change the Execution Policy for just a process
What if you only want to run a single script? Do we really need to change the execution policy before and after? No, we have two choices: we can use Set-ExecutionPolicy, or set the policy when we invoke PowerShell.
Set-ExecutionPolicy -Scope:process Unrestricted
Or, from a command-line window (cmd.exe):
C:\>powershell -ExecutionPolicy Unrestricted -command "Get-ExecutionPolicy"
Unrestricted
So what do these two ways have in common? Both alter the environment variable PSExecutionPolicyPreference; you can inspect it from within PowerShell by looking at $env:PSExecutionPolicyPreference.
So what is clear is that many people change the execution policy in very broad strokes just because they don't know how to do it in smaller strokes.
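
To see where a machine currently stands, the scopes and policies from the tables above can be audited in one pass. This is an added example, not code from the original post: the function name Get-ExecutionPolicyAudit and the sample data are constructed for illustration, and the precedence order used (MachinePolicy, UserPolicy, Process, CurrentUser, LocalMachine) comes from PowerShell's about_Execution_Policies help topic rather than from this page.

```powershell
# Added example: report the policy at every scope, mark which scope wins,
# and flag permissive settings that outlive the current session.
function Get-ExecutionPolicyAudit {
    [CmdletBinding()]
    param(
        # Defaults to the live machine; pass constructed objects to run offline.
        [object[]]$PolicyList = (Get-ExecutionPolicy -List)
    )

    # Precedence, highest first (assumption taken from about_Execution_Policies).
    $precedence = 'MachinePolicy', 'UserPolicy', 'Process', 'CurrentUser', 'LocalMachine'
    $permissive = 'Unrestricted', 'Bypass'

    $ordered = foreach ($scope in $precedence) {
        $PolicyList | Where-Object { "$($_.Scope)" -eq $scope }
    }

    # The first scope that is not Undefined decides the effective policy.
    $winner = $ordered |
        Where-Object { "$($_.ExecutionPolicy)" -ne 'Undefined' } |
        Select-Object -First 1

    foreach ($entry in $ordered) {
        $scope  = "$($entry.Scope)"
        $policy = "$($entry.ExecutionPolicy)"
        [pscustomobject]@{
            Scope     = $scope
            Policy    = $policy
            Effective = ($null -ne $winner -and "$($winner.Scope)" -eq $scope)
            Finding   = if ($policy -notin $permissive) { '' }
                        elseif ($scope -eq 'Process') { 'Permissive for this process only' }
                        else { 'Permissive policy persists beyond this session' }
        }
    }
}

# Constructed sample: LocalMachine was left at Unrestricted, the user is RemoteSigned.
$sample = @(
    [pscustomobject]@{ Scope = 'MachinePolicy'; ExecutionPolicy = 'Undefined' }
    [pscustomobject]@{ Scope = 'UserPolicy';    ExecutionPolicy = 'Undefined' }
    [pscustomobject]@{ Scope = 'Process';       ExecutionPolicy = 'Undefined' }
    [pscustomobject]@{ Scope = 'CurrentUser';   ExecutionPolicy = 'RemoteSigned' }
    [pscustomobject]@{ Scope = 'LocalMachine';  ExecutionPolicy = 'Unrestricted' }
)
Get-ExecutionPolicyAudit -PolicyList $sample | Format-Table -AutoSize

# The Process scope is carried in this environment variable (empty when unset).
"PSExecutionPolicyPreference = '$env:PSExecutionPolicyPreference'"
```

Calling Get-ExecutionPolicyAudit with no arguments audits the machine it runs on; in the sample, CurrentUser is the effective scope and LocalMachine is flagged.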