How to Run PowerShell Script as Administrator with Unrestricted Execution Policy

Learn how to run a PowerShell script as administrator with unrestricted execution policy in your Active Directory domain.

PowerShell is a powerful scripting language that can automate various tasks and manage different aspects of Windows systems. However, PowerShell also has some security features that can prevent you from running scripts that are not trusted or signed. One of these features is the execution policy, which determines how PowerShell handles scripts and configuration files.

The execution policy can be set at different scopes, such as LocalMachine, CurrentUser, Process, or Group Policy. The default execution policy for LocalMachine is Restricted, which means that PowerShell does not run any scripts, except for those that are built into Windows. To run a script that you have created or downloaded, you need to change the execution policy to a less restrictive one, such as RemoteSigned, AllSigned, or Unrestricted.

However, changing the execution policy for LocalMachine affects all users and scripts on the computer, which may not be desirable or secure. For example, if you set the execution policy to Unrestricted, you are allowing any script to run, regardless of its source or signature. This could expose your system to malicious or harmful scripts that could compromise your data or settings.

In this article, we will show you how to run a PowerShell script as administrator with unrestricted execution policy in your Active Directory domain, without changing the execution policy for LocalMachine. This way, you can run a specific script that you trust, without affecting other scripts or users on the computer.

Table of Contents

How to run a PowerShell script as administrator with unrestricted execution policy
Frequently Asked Questions (FAQs)
Question: What is the difference between the execution policies?
Question: How can I sign a PowerShell script?
Question: How can I run a PowerShell script as a scheduled task?
Summary

How to run a PowerShell script as administrator with unrestricted execution policy

To run a PowerShell script as administrator with unrestricted execution policy, you need to use the following steps:

Open an elevated PowerShell window by right-clicking on the PowerShell icon and selecting Run as Administrator.
Use the Set-ExecutionPolicy cmdlet with the -Scope parameter to change the execution policy for the current process. For example, type the following command and press Enter:
```
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted
```
This will set the execution policy to Unrestricted for the current PowerShell session only. You can verify the execution policy by using the Get-ExecutionPolicy cmdlet with the -List parameter.
Use the Invoke-Command cmdlet with the -ScriptBlock parameter to run the script that you want. For example, type the following command and press Enter:
```
Invoke-Command -ScriptBlock {& "C:\Common\Scripts\hello.ps1"}
```
This will run the script hello.ps1 from the specified path. You can also use a variable or a parameter to store the script path and pass it to the Invoke-Command cmdlet.
Close the PowerShell window when you are done with the script. The execution policy for the current process will be discarded, and the execution policy for LocalMachine will remain unchanged.

Frequently Asked Questions (FAQs)

Question: What is the difference between the execution policies?

Answer: The execution policies are:

Restricted: Does not run any scripts, except for those that are built into Windows.
AllSigned: Runs only scripts that are signed by a trusted publisher, including those that you write on the local computer.
RemoteSigned: Runs scripts that are signed by a trusted publisher or that are not downloaded from the Internet. Scripts that you write on the local computer do not need to be signed.
Unrestricted: Runs any scripts, regardless of their source or signature. This is the least secure execution policy and should be used with caution.

Question: How can I sign a PowerShell script?

Answer: To sign a PowerShell script, you need to have a code signing certificate from a trusted certificate authority (CA). You can obtain a certificate from a public CA, such as DigiCert or VeriSign, or from an internal CA in your organization. You also need to have the PowerShell Community Extensions (PSCX) module installed on your computer. Then, you can use the Set-AuthenticodeSignature cmdlet to sign a script with your certificate. For example, type the following command and press Enter:

```powershell
Set-AuthenticodeSignature -FilePath "C:\Common\Scripts\hello.ps1" -Certificate (Get-PfxCertificate -FilePath "C:\Common\Certs\MyCert.pfx")
```

This will sign the script hello.ps1 with the certificate MyCert.pfx from the specified path. You can also use the Get-AuthenticodeSignature cmdlet to verify the signature of a script.

Question: How can I run a PowerShell script as a scheduled task?

Answer: To run a PowerShell script as a scheduled task, you need to use the Task Scheduler application in Windows. You can create a new task and configure the following settings:

On the General tab, select Run whether user is logged on or not and Run with highest privileges

On the Triggers tab, select the schedule that you want for the task, such as daily, weekly, or monthly
On the Actions tab, select Start a program as the action and enter the following details:
- Program/script: powershell.exe
- Add arguments: -ExecutionPolicy Bypass -File “C:\Common\Scripts\hello.ps1”
- Start in: C:\Common\Scripts
On the Conditions tab, select any conditions that you want for the task, such as whether the computer is on AC power or idle
On the Settings tab, select any settings that you want for the task, such as whether to run the task as soon as possible after a scheduled start is missed or whether to stop the task if it runs longer than a specified time

Summary

In this article, we have shown you how to run a PowerShell script as administrator with unrestricted execution policy in your Active Directory domain. This can be useful if you need to run a specific script that you trust, without changing the execution policy for LocalMachine. We have also explained the difference between the execution policies, how to sign a PowerShell script, and how to run a PowerShell script as a scheduled task. We hope that this article has been helpful and informative for you.

Disclaimer: The information in this article is provided “as is” without warranty of any kind. The author and the publisher disclaim any liability for any direct, indirect, incidental, consequential, or special damages that may result from the use of or inability to use the information or scripts provided in this article. The author and the publisher make no representations or warranties with respect to the accuracy or completeness of the contents of this article and reserve the right to make changes to the information and scripts at any time without notice. The user of this article assumes all responsibility for the use of the information and scripts provided in this article. The user should always test the scripts in a non-production environment before using them in a production environment. The user should also follow the best practices and security guidelines for PowerShell and Active Directory. The user should consult the official documentation and online resources for PowerShell and Active Directory for more information and guidance.