Monday, July 4, 2011

Could not execute Powershell script

Last week I had to run a maintenance script on a server. But it gave me the following error:

File cleanup.ps1 cannot be loaded because the execution of scripts is disabled on this system.

Turns out that by default the security setting on the server(the so-called Execution Policy) does not allows us to execute a script. By default, the Execution Policy is set to Restricted. This setting means that you may not run any PS1 script at all.

You can choose between the following Execution Policy levels:

  • Restricted
    This is the default configuration in PowerShell. This setting means that no script can run, regardless of its signature. The only thing that can be run in PowerShell with this setting are individual commands.
  • AllSigned
    This setting does allow scripts to run in PowerShell. The script must have an associated digital signature from a trusted publisher. There will be a prompt before you run the scripts from trusted publishers. This exposes you to running signed, but malicious, scripts.
  • RemoteSigned
    This setting allows scripts to be run, but requires that the script and configuration files that are downloaded from the Internet have an associated digital signature from a trusted publisher. Scripts run from local computer don’t need to be signed. There are no prompts before running the script. Still exposes you to scripts that are signed, yet malicious.
  • Unrestricted
    This is not a suggested setting! This allows unsigned scripts to run, including all scripts and configuration files downloaded from the Internet. This will include files from Outlook and Messenger. The risk here is running scripts without any signature or security.

To change the Execution Policy to Unrestricted, type the following command in Powershell

Set-ExecutionPolicy Unrestricted

To change the Execution Policy to RemoteSigned (to run your own scripts), type the following command in Powershell

Set-ExecutionPolicy RemoteSigned

1 comment:

sharepoint digital signature said...

I was not knowing that default the security setting on the server Execution Policy does not allows us to execute a script.I came across the same error and you really helped me to sort it out.Thanks