Skip to content
Latchkey

Set-ExecutionPolicy: Run Scripts in Windows CI

Set-ExecutionPolicy Bypass -Scope Process lets a CI job run unsigned .ps1 scripts for the current process only, the standard fix for the "running scripts is disabled on this system" error.

PowerShell's execution policy blocks script files by default on some Windows configurations. In CI you want Bypass scoped to the process, not a permanent machine-wide change.

What it does

Set-ExecutionPolicy sets the policy that decides which scripts can run. Bypass allows everything with no warnings; RemoteSigned allows local scripts but requires downloaded ones to be signed. -Scope Process applies only to the current PowerShell process, leaving the machine settings untouched.

Common usage

PowerShell
# allow scripts for THIS process only (preferred in CI)
Set-ExecutionPolicy Bypass -Scope Process -Force

# or bypass for a single invocation, no state change
powershell -ExecutionPolicy Bypass -File .\build.ps1
pwsh -ExecutionPolicy Bypass -File .\build.ps1

Options

ArgumentWhat it does
BypassRun everything, no blocks or prompts
RemoteSignedLocal scripts run; downloaded must be signed
UnrestrictedRun all, but warn on downloaded scripts
-Scope ProcessApply only to the current process (recommended)
-Scope CurrentUser / LocalMachinePersist for the user or machine
-ForceSuppress the confirmation prompt

In CI

Prefer -ExecutionPolicy Bypass on the powershell/pwsh invocation or -Scope Process, so you never change machine-wide state on a shared or reused runner. Avoid Set-ExecutionPolicy -Scope LocalMachine, which persists and can surprise later jobs.

Common errors in CI

The triggering error is "File ...\build.ps1 cannot be loaded because running scripts is disabled on this system. ... see about_Execution_Policies"; fix it with Set-ExecutionPolicy Bypass -Scope Process -Force or by launching with -ExecutionPolicy Bypass. "Set-ExecutionPolicy : Access to the registry path is denied" means a LocalMachine-scope change without elevation; use -Scope Process instead, which needs no admin. "Security error" persisting means a Group Policy override that process scope cannot beat; use the per-invocation -ExecutionPolicy Bypass flag.

Related guides

Run this faster and cheaper on Latchkey managed runners. Start free →