theme-sticky-logo-alt
theme-logo-alt

Change the PowerShell MachinePolicy Execution Policy in Windows Server 2012R2

March 18, 2014
by Vlad Catrinescu
27 Comments

Background

Last week I wanted to try the new SharePoint 2013 SP1 and, as I never install SharePoint without using PowerShell scripts, I tried using the awesome AutoSPInstaller to install my SharePoint. When Windows Server 201 R2 came out, the twitter sphere said that nothing changed except the Execution Policy was “RemoteSigned”. AutoSPInstaller has a Launch.bat file that makes sure the Main.ps1 launches in “ByPass” mode.

However, the way AutoSPInstaller works is that it includes two other PowerShell files where the functions are stored. When those get included, the ByPass mode is not in effect anymore, and PowerShell goes back to the Machine Policy, which by default is Remote Signed. It’s a good security measure, but we need to get this fixed!

Also for the sake of Google indexing the error for other people, here is the error text:

File cannot be loaded. The file is not digitally signed. You cannot run this script on the current system.

So, I tried to change the execution policy from Powershell with the following command:

 Set-ExecutionPolicy -Scope MachinePolicy -ExecutionPolicy Bypass    

However I got the following error:

PowerShell MachinePolicy Execution Policy

Set-ExecutionPolicy : Cannot set execution policy. Execution policies at the MachinePolicy or UserPolicy scopes must
be set through Group Policy.

The Fix

You can actually change the MachinePolcy Execution Policy without going through GPO! You need to go in the registry and edit the following key HKLM:\Software\Policies\Microsoft\Windows\PowerShell and change the ExecutionPolicy value to ByPass.

Or you can simply run this PowerShell command:

 Set-ItemProperty -Path HKLM:\Software\Policies\Microsoft\Windows\PowerShell -Name ExecutionPolicy -Value ByPass

However… the PowerShell command might give you an error that will look something like this:

Cannot find path ‘HKLM:\Software\Policies\Microsoft\Windows\PowerShell’ because it does not exist.

This is because your local group policy to allow scripts to run on the system is probably “not configured” . To configure it, run “gpedit.msc” in the metro start bar.

Then Navigate to: Computer Configuration > Administrative Templates > Windows Components > Windows PowerShell. Change the “Turn on Script Execution” to look something like this:

Afterwards, the PowerShell command should work and you should be able to change your Execution Policy without any problems!

Hope his helps!

Leave a comment and don’t forget to like the Vlad Talks Tech Page   on Facebook and to follow me on Twitter here  for the latest news and technical articles on SharePoint.  I am also a Pluralsight author, and you can view all the courses I created on my author page.

Powershell
Previous Post
The Ultimate Script to download SharePoint Conference 2014 Videos AND slides!
Next Post
Get a free Virtualization Certification Exam from Microsoft!

27 Comments

  • August 15, 2014 at 4:24 pm
    BB

    Yes it helped. Thanks.

    Reply
  • December 2, 2014 at 9:58 am
    David

    Thanks!!

    Reply
  • December 30, 2014 at 3:17 am
    Fox

    Thank you for your help! Now I got RDS BPA working with that registry tweak.

    Reply
    • June 8, 2015 at 1:04 pm
      Rich

      Thanks – can now run my script in Powershell 5!

      Reply
  • May 12, 2015 at 4:27 am
    Anto Bilson

    Hi,
    The same issue will be in my application also and i have checked the above steps to turn on script. But the windows powershell option was not there.Please help me to solve the issue

    Reply
  • July 14, 2015 at 5:34 pm
    Zman

    Or…you could right-click and just launch powershell with administrative privileges, make your changes to execution policy which are then saved permanently. We do this all the time and works great. As mentioned above you could also use Group Policy which to me seems less risky than running regedit or running a powershell to edit the registry which really just runs regedit.

    https://technet.microsoft.com/en-us/library/hh849812.aspx

    Quoted from above URL:

    NOTE: To change the execution policy for the default (LocalMachine) scope, start Windows PowerShell with the “Run as administrator” option.

    Reply
    • July 15, 2015 at 2:12 pm
      Vlad Catrinescu

      Of course I tried that before going the long way, but it didn’t work for me 🙁

      Reply
  • July 21, 2015 at 5:22 am
    aaa

    After gpupdate the registry key return to unrestricted!

    Reply
  • July 31, 2015 at 9:36 am
    Raj

    Updating manually by using regedit and to ExecutionPolicy worked. Thanks

    Reply
  • October 30, 2015 at 9:56 am
    Matt

    I was getting the same error while trying to use NUGET in Visual Studio 2013. This fixed my issue as well!!!! Thanks!

    Reply
  • December 10, 2015 at 4:23 pm
    tf

    it worked! thanks heaps!

    Reply
  • February 14, 2016 at 5:09 am
    Ankur

    Thanks… worked for me

    Reply
  • February 27, 2016 at 4:14 am
    MrT

    Worked perfectly – Thank you so much Vlad!

    Reply
  • July 3, 2016 at 11:48 pm
    Benjamin@BACP

    Thanks. This helped. Finally!

    Reply
  • August 18, 2016 at 7:13 pm
    Joe Herr

    Perfect, solved the problem I was having getting NuGet to run.

    Reply
  • July 10, 2017 at 11:03 pm
    simon

    Great! worked for me

    Reply
  • December 4, 2018 at 11:38 am
    Joe P

    I Enabled the “Turn on Script Execution” policy as instructed, but it did not create any registry keys. There is still no …\Windows\PowerShell entry on my system.

    Reply
  • April 21, 2019 at 4:52 am
    Nadeem-Ullah

    I’m using windows 10 “Insider preview build”, when I tried to fix the Execution Policy through the above Directory, it didn’t work for me because, I’m using Hyper-V in UEFI-Firmware then I tried to find the Exact Directory and Successfully found it, given bellow.
    ” Computer\HKEY_CURRENT_USER\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell ”
    by right-click on windows-icon and click run then type REGEDIT and click ok, then I direct to the above given directory.

    Reply
  • September 16, 2019 at 1:31 am
    Midhun C N

    Worked. Thanks man.

    Reply
  • December 4, 2019 at 6:26 am
    RTH

    Yes this worked for me

    Reply
  • May 17, 2020 at 9:36 pm
    Lan Hong

    It helps, thanks a lot

    Reply
  • June 28, 2020 at 6:39 pm
    Bala

    Thank you! Helped Immensely!!

    Reply
  • March 22, 2021 at 8:40 am
    Daniel

    Thanks good “how to”

    Cheers 🙂

    Reply
  • September 29, 2021 at 8:05 pm
    Sebastián Q

    Thanks a lot!

    Reply
  • December 23, 2022 at 6:25 am
    G.St.Lu

    Thanks

    Reply
  • December 28, 2022 at 11:24 am
    Lukas

    Wow! Man, what a Knowledge! ThankYou!

    Reply

Leave a Reply

Top Learning Resources

15 49.0138 8.38624 1 0 4000 1 https://vladtalkstech.com 300 1