PowerShell script is not digitally signed

1
6653

When you try to run a PowerShell script that has not been signed by Trusted Publisher, you may get the following security error.

<PowerShell Script file> is not digitally signed. You cannot run
this script on the current system. For more information about running scripts and setting execution policy, see
about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170.

PowerShell error

How to resolve the error PowerShell script is not digitally signed?

There are some resolutions for this issue. You can sign the PowerShell script that you want to run, change the execution policy, bypass the policy or unblock the file so that it can run once on that session.

Check execution policy

You can run  Get-ExecutionPolicy cmdlet to get your Execution Policy.

get-executionpolicy

You can also add -list parameter to get the execution policy for each scope.

get-executionpolicy -list

Change Execution Policy Permanently

The easiest but unsecured method of getting rid of this error message is to change the ExecutionPolicy using the Set-ExecutionPolicy cmdlet and set the execution policy to unrestricted.

Set-ExecutionPolicy -ExecutionPolicy unrestricted

Change Execution Policy Temporarily

To change the execution policy temporarily, you can use Set-ExecutionPolicy cmdlet with ByPass setting.

Set-ExecutionPolicy -ExecutionPolicy  ByPass

Below is the detail of  the acceptable values for -ExecutionPolicy parameter:

  • Restricted. Does not load configuration files or run scripts. Restricted is the default execution policy.
  • AllSigned. Requires that all scripts and configuration files be signed by a trusted publisher, including scripts that you write on the local computer.
  • RemoteSigned. Requires that all scripts and configuration files downloaded from the Internet be signed by a trusted publisher.
  • Unrestricted. Loads all configuration files and runs all scripts. If you run an unsigned script that was downloaded from the Internet, you are prompted for permission before it runs.
  • Bypass. Nothing is blocked and there are no warnings or prompts.
  • Undefined. Removes the currently assigned execution policy from the current scope. This parameter will not remove an execution policy that is set in a Group Policy Scope.

The default scope for Set-ExecutionPolicy command is LocalMachine. You can also specify on which scope the policy will be set by adding -Scope parameter.  Below is the detail of scopes that you can set:

  • Process: The execution policy affects only the current PowerShell process.
  • CurrentUser: The execution policy affects only the current user.
  • LocalMachine: The execution policy affects all users of the computer.

To remove an execution policy from a particular scope, set the execution policy for that scope to Undefined.