How To Enable Running Scripts On Windows 11 | RemoteSigned Policy

To enable script execution in Windows 11, set the execution policy to RemoteSigned using the Set-ExecutionPolicy cmdlet in an elevated PowerShell session.

By default, Windows 11 blocks all PowerShell scripts with the Restricted execution policy. This safety feature prevents malicious code from running, but it also stops legitimate scripts for development, automation, or Office deployments. The fix takes one command in an administrator console, and a safer alternative applies the change only to your user account. Below you’ll find the exact steps, the security trade-offs of each policy option, and how to clean up afterward.

What Is the PowerShell Execution Policy?

An execution policy is a security control that determines which PowerShell scripts (files ending in .ps1) can run on your machine. Windows 11 ships with the Restricted policy, which prevents any script from executing. The other policies—RemoteSigned, AllSigned, Unrestricted, Bypass, Default, and Undefined—allow varying levels of script execution with different security requirements.

Each policy can be applied at different scopes: LocalMachine (affects all users), CurrentUser (affects only you), Process (for the current session only), or Session (for a specific PowerShell session). The safest approach for most individual users is RemoteSigned at the CurrentUser scope.

Policy Behavior When to Use
Restricted Blocks all scripts Default; use for day-to-day desktop work
RemoteSigned Allows local scripts; remote script must be signed Best balance of security and productivity
AllSigned All scripts must be signed by a trusted publisher High-security environments
Unrestricted All scripts run with a warning for remote ones Development sandboxes after full understanding of risks
Bypass No restrictions – everything runs One-off execution or automated installers
Default Uses the machine-level default policy Reset to factory behavior
Undefined No policy set at this scope; falls back to parent scope Mixed environment with Group Policy

How to Enable Script Execution in Windows 11: The Safe Steps

The most secure method is to use a user-wide scope that avoids affecting other accounts. If you only need scripts temporarily, use the one-time bypass flag so no policy change sticks.

Method 1 – Set Policy for All Users (Administrator Required)

  1. Open Start, type PowerShell, right-click Windows PowerShell, and select Run as administrator.
  2. Check the current policy: type Get-ExecutionPolicy and press Enter. It should return Restricted.
  3. Set the policy to RemoteSigned: type Set-ExecutionPolicy RemoteSigned and press Enter.
  4. When prompted, type Y (Yes) or A (Yes to All) and press Enter.
  5. Run your script (.\YourScript.ps1) from the command line.
  6. Revert immediately after use: type Set-ExecutionPolicy Restricted and press Enter. Confirm with Y.
  7. Close the PowerShell window.

Leaving the policy at Unrestricted or RemoteSigned permanently exposes your machine to unsigned remote scripts. Reverting is critical.

Method 2 – Set Policy Only for Your User (Safer, No Admin)

This change applies only to your own scripts and won’t affect other users on the same PC.

  1. Open Windows Terminal (or PowerShell as a normal user).
  2. Run Set-ExecutionPolicy RemoteSigned -Scope CurrentUser -Force.
  3. Verify the change: Get-ExecutionPolicy -List shows all scopes in order of precedence.
  4. Run your script, then revert with Set-ExecutionPolicy Restricted -Scope CurrentUser.

Method 3 – One-Time Execution Without Changing Policy

Use this when you only need to run a single script and want zero permanent changes.

  1. Open PowerShell (normal, not admin).
  2. Run powershell.exe -noprofile -executionpolicy bypass -file .\YourScript.ps1.
  3. The script runs with full trust for that invocation only. No registry settings are touched.
Method Scope Requires Admin? Best For
Set-ExecutionPolicy RemoteSigned LocalMachine (all users) Yes Admin-managed machines, family PC
Set-ExecutionPolicy RemoteSigned -Scope CurrentUser CurrentUser No Personal laptop, single-user workstation
-ExecutionPolicy Bypass flag Process (one session) No Running one specific installer or script

Common Mistakes That Break Script Execution

  • Not running PowerShell as Administrator. Set-ExecutionPolicy defaults to LocalMachine scope, which requires elevation. If you get an error, launch PowerShell with admin rights or use -Scope CurrentUser.
  • Leaving the policy at Unrestricted. This is a major security gap. Always revert to Restricted after your script finishes.
  • Ignoring the Mark of the Web. Scripts downloaded from the internet might be blocked even after changing the policy. Use Unblock-File .\script.ps1 first, or set policy to RemoteSigned which still requires a signature for remote files.
  • Domain or Group Policy overrides. If your PC is managed by an IT department, local policy changes may be reverted automatically on reboot. Check with your admin before making changes.

Reverting the Policy After Use

Returning the policy to Restricted is the most important step. Run Set-ExecutionPolicy Restricted (as admin) or Set-ExecutionPolicy Restricted -Scope CurrentUser and confirm. You can also verify with Get-ExecutionPolicy to ensure it shows Restricted.

Final Steps for Safe Script Execution in Windows 11

  1. Open PowerShell as administrator (or use -Scope CurrentUser for a user-only change).
  2. Set the policy to RemoteSigned using Set-ExecutionPolicy RemoteSigned.
  3. Run your script.
  4. Revert to Restricted immediately.
  5. If you only need one script, use the -ExecutionPolicy Bypass flag instead of changing global settings.

The whole process takes less than a minute, and following the revert step keeps your Windows 11 machine as secure as it was before.

References & Sources

Please use a real email you check. If it's fake or mistyped, your message won't reach us and we can't reply — wrong addresses are rejected automatically.