How to run unsigned PowerShell scripts safely

PowerShell is a versatile scripting language that’s widely used in Windows environments for automating tasks and managing system configurations. However, by default, PowerShell restricts the execution of unsigned scripts for security reasons.

Have you encountered the error “The file .ps1 is not digitally signed. You cannot run this script on the current system” while trying to run an unsigned PowerShell script?

This error occurs when the default execution policy restricts the execution of unsigned scripts for security reasons. Unsigned scripts can potentially be malicious and pose a significant risk to your system.

Understanding PowerShell’s Execution Policies

PowerShell’s execution policies are a set of rules that determine which scripts can be run on a system. The default execution policy on Windows systems is often set to “Restricted,” which prevents the execution of all scripts. To run unsigned scripts, you need to modify the execution policy.

⚠️ Disclaimer:

Running unsigned scripts can be risky, and you should only do so when you trust the source of the script. Always exercise caution and follow best security practices when working with unsigned scripts.

Temporary Bypass for Script Execution

If you need to run unsigned scripts during your current session without permanently changing the execution policy, you can use a temporary bypass. This bypasses the execution policy for the duration of your session. To do this, open a PowerShell window and run the following command:

Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass

With this command, you can execute unsigned scripts without altering the system-wide execution policy. Remember that this bypass should be used with caution and only when you trust the source of the script.

Checking the Current Execution Policy

Before you proceed, it’s a good idea to check the current execution policy. Open a PowerShell window and run the following command:

Get-ExecutionPolicy

This will display the current execution policy, which can be one of the following:

  • Restricted: The default policy that prevents the execution of all scripts.
  • AllSigned: Allows the execution of scripts only if they are digitally signed by a trusted publisher.
  • RemoteSigned: Permits the execution of scripts that are locally created but requires digital signatures for scripts downloaded from the internet.
  • Unrestricted: Allows the execution of all scripts, including unsigned ones. This is the most permissive but also the least secure option.
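The temporary bypass and the policy check described above can be combined with an inspection of the script itself before anything runs. This is an added example, not code from the original article, meant to be pasted into the PowerShell session; Test-ScriptBeforeRun is a hypothetical helper name, and .\your_script.ps1 is the article's placeholder path.

```powershell
# Added example. Test-ScriptBeforeRun is a hypothetical helper name;
# .\your_script.ps1 is the placeholder path used in this article.
function Test-ScriptBeforeRun {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Path
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop

    # Authenticode result: Valid, NotSigned, HashMismatch, NotTrusted, ...
    $sig = Get-AuthenticodeSignature -LiteralPath $file.FullName

    # Files downloaded by a browser carry a Zone.Identifier stream (NTFS only).
    # ZoneId=3 means "Internet"; RemoteSigned treats such files as remote.
    $zone = Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier `
                -ErrorAction SilentlyContinue

    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    [pscustomobject]@{
        Path            = $file.FullName
        Sha256          = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        SignatureStatus = $sig.Status
        Signer          = $signer
        FromInternet    = [bool]($zone -match 'ZoneId=3')
        EffectivePolicy = Get-ExecutionPolicy
    }
}

# Policy per scope. MachinePolicy and UserPolicy come from Group Policy and
# take precedence over a Process-scope setting.
Get-ExecutionPolicy -List | Format-Table -AutoSize

$report = Test-ScriptBeforeRun -Path .\your_script.ps1
$report | Format-List

# Read the script and compare the hash with one published by its author first.
$answer = Read-Host "Run $($report.Path) in this session only? (y/N)"
if ($answer -eq 'y') {
    # Process scope: the change ends when this PowerShell window is closed.
    Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass -Force
    & $report.Path
}
```

If the MachinePolicy or UserPolicy row shows anything other than Undefined, an administrator has set the policy through Group Policy and the Process-scope change will not take effect.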

Changing the Execution Policy

To run unsigned scripts, you can change the execution policy to “Unrestricted.” However, we strongly recommend against this unless you have a good reason and understand the risks involved.

To set the execution policy to “Unrestricted,” open a PowerShell window with administrative privileges and run the following command:

Set-ExecutionPolicy Unrestricted

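You may be prompted to confirm this change. Because the command has no -Scope parameter, it changes the policy for the LocalMachine scope, which applies to every user on the computer until it is changed back. Once done, unsigned scripts are no longer blocked by the execution policy.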

Running the Unsigned Script

With the execution policy set to “Unrestricted,” you can now run your unsigned PowerShell script. Simply navigate to the script’s location and execute it by entering its path in the PowerShell window:

.\your_script.ps1

Reverting to a Secure Execution Policy

After you’ve finished running your unsigned script or scripts, it’s essential to revert to a more secure execution policy to maintain system security. To set the execution policy back to a safer state, open a PowerShell window with administrative privileges and use one of the following commands:

To set the execution policy back to “Restricted” (the most secure option):

Set-ExecutionPolicy Restricted

To set the execution policy to “RemoteSigned” (a balanced option for most users):

Set-ExecutionPolicy RemoteSigned

Conclusion

Running unsigned PowerShell scripts can be a necessary step in certain scenarios, but it should be done cautiously to avoid security risks. Always be sure to trust the source of the script and understand the potential consequences of running unsigned code. Additionally, make sure to reset your execution policy to a secure level when you’re done with the unsigned script to maintain the overall security of your Windows system. If you encounter the “not digitally signed” error, follow the solutions provided in this article to address the issue and safely run your scripts.



I've been working with Microsoft Technologies over the last ten years, mainly focused on creating collaboration and productivity solutions that drive the adoption of Microsoft Modern Workplace.