Set-ExecutionPolicy: Run Scripts in Windows CI
Set-ExecutionPolicy Bypass -Scope Process lets a CI job run unsigned .ps1 scripts for the current process only, the standard fix for the "running scripts is disabled on this system" error.
PowerShell's execution policy blocks script files by default on some Windows configurations. In CI you want Bypass scoped to the process, not a permanent machine-wide change.
What it does
Set-ExecutionPolicy sets the policy that decides which scripts can run. Bypass allows everything with no warnings; RemoteSigned allows local scripts but requires downloaded ones to be signed. -Scope Process applies only to the current PowerShell process, leaving the machine settings untouched.
Common usage
# allow scripts for THIS process only (preferred in CI)
Set-ExecutionPolicy Bypass -Scope Process -Force
# or bypass for a single invocation, no state change
powershell -ExecutionPolicy Bypass -File .\build.ps1
pwsh -ExecutionPolicy Bypass -File .\build.ps1Options
| Argument | What it does |
|---|---|
| Bypass | Run everything, no blocks or prompts |
| RemoteSigned | Local scripts run; downloaded must be signed |
| Unrestricted | Run all, but warn on downloaded scripts |
| -Scope Process | Apply only to the current process (recommended) |
| -Scope CurrentUser / LocalMachine | Persist for the user or machine |
| -Force | Suppress the confirmation prompt |
In CI
Prefer -ExecutionPolicy Bypass on the powershell/pwsh invocation or -Scope Process, so you never change machine-wide state on a shared or reused runner. Avoid Set-ExecutionPolicy -Scope LocalMachine, which persists and can surprise later jobs.
Common errors in CI
The triggering error is "File ...\build.ps1 cannot be loaded because running scripts is disabled on this system. ... see about_Execution_Policies"; fix it with Set-ExecutionPolicy Bypass -Scope Process -Force or by launching with -ExecutionPolicy Bypass. "Set-ExecutionPolicy : Access to the registry path is denied" means a LocalMachine-scope change without elevation; use -Scope Process instead, which needs no admin. "Security error" persisting means a Group Policy override that process scope cannot beat; use the per-invocation -ExecutionPolicy Bypass flag.