Errata
- Controls how scripts run
- Options are variations on whether local or remote-originating scripts are signed
get-executionpolicy -list
- AllSigned: Local and Remote scripts must be signed.
- Bypass: Allow everything without consideration to signing. Effectively "off"
- Default: Restricted for Win PC's, RemoteSigned for WinServers
- RemoteSigned: unsigned local, signed remote (or unblocked)
- Restricted: no scripts, only commands. Signing not considered.
- Undefined: If all scopes, becomes default
- Unrestricted Default for non-win. Warns when not from local intra.
Scopes:
- MachinePolicy - group policy all users
- UserPolicy - group policy current user
- Process - current PS session
- Currentuser - Current user
- LocalMachine - all users
Execution policy is not Security
"PowerShell generates a terminating error when the content of an expression, script, or script block violates basic best-practice coding rules."
In other words, it'll ruin your day if you don't follow PS best practices. The primary example I'm aware of is trying to operate on a non-existent variable. You can turn this off with set-executionpolicy -off
, but it's a good idea to try to keep it on (see below script to add to PS profile). This is disabled by default.
3.0
- Prohibits references to uninitialized variables. This includes uninitialized variables in strings.
- Prohibits references to non-existent properties of an object.
- Prohibits function calls that use the syntax for calling methods.
- Prohibit out of bounds or unresolvable array indexes.
Latest
- Selects the latest version available. The latest version is the most strict. Use this value to make sure that scripts use the strictest available version, even when new versions are added to PowerShell.
set-strictmode -latest
Set for all PS sessions