Enabling script execution

The PowerShell execution policy is the setting that determines the type of PowerShell scripts that can be run on the system. I noticed that by default, PowerShell is configured to prevent the execution of the scripts on Windows, whereas this is unrestricted on Linux. The execution policy is never meant to be a security control for IT admin and developers; however, it is just a precautionary measure for them not to shoot themselves in their feet. That is why there are several ways to bypass the policy in PowerShell.

Windows PowerShell execution policies are as follows. I feel Linux will be always set as Unrestricted. All these policies are meant for the Windows PowerShell environment. Likewise, for other platforms, I am not sure how these policies are treated. There is no clear documentation on the usage of these policies on other platforms. But overall, for the sake of information, I have outlined the purposes of each known execution policy on the Windows platform:

• Restricted: This is the default execution policy on most of the Windows systems. This policy setting allows you to run individual cmdlets but not scripts.
• RemoteSigned: This policy requires the digital signature from a trusted publisher on scripts and configuration files that are downloaded from the internet. If you have written the script locally, it can run on the local machine. Running locally does not require any digital signature with this policy. This is the one recommended for AWS Tools for PowerShell.
• Unrestricted: As the name implies, there is no restriction as such. You can run local or any scripts downloaded from the internet. Setting the execution policy to Unrestricted will risk running malicious code. Hence, never plan to set this in your production environment.
• AllSigned: In many IT shops, setting the execution policy to AllSigned is the ultimate goal. This policy requires a digital signature from the trusted publisher on scripts and configuration files that are downloaded from the internet as well as any scripts that you run locally.
• Bypass: This policy means nothing is blocked and there are no warnings generated. This execution policy is designed for configurations in which a Windows PowerShell script is built into a larger application, or for configurations in which Windows PowerShell is the foundation for a program that has its own security model.
• Undefined: Setting this means that there is no execution policy in the current scope. If the execution policy in all the scopes is Undefined, the effective execution policy is Restricted, which is the default execution policy.

The execution policy can be set at the different levels. It is also important to understand the scope of the execution policy as well. The execution policy can be set at Process
, CurrentUser, and LocalMachine or at the group level in Windows. LocalMachine is the default when setting an execution policy in PowerShell.

You can view the current execution policy setting with scope as follows:

PS C:\>Get-ExecutionPolicy -List | Format-Table -AutoSize

In order to change the execution policy to RemoteSigned, you can use this:

PS C:\>Set-ExecutionPolicy RemoteSigned
PS C:\>Set-ExecutionPolicy -ExecutionPolicy RemoteSigned

Note that you need to start PowerShell using the administrator credential in Windows PowerShell in order to change the policy. If you are running PowerShell 6.0, the AWSPowerShell.NetCore module is loaded automatically whenever you run one of the AWS cmdlets. This lets you use the AWS cmdlets interactively, even if the execution policy on your system is set to disallow the script execution.