The documentation on the topic only provides this:
Unrestricted. Loads all configuration files and runs all scripts. If you run an unsigned script that was downloaded from the Internet, you are prompted for permission before it runs.
Bypass. Nothing is blocked and there are no warnings or prompts.
To me it seems like the two would accept any scripts, but to my surprise it's not the case. Bypass seems to block execution in some cases.
So, what is the difference between the two ?
The execution policy isn't a security system that restricts user actions. For example, users can easily bypass a policy by typing the script contents at the command line when they cannot run a script. Instead, the execution policy helps users to set basic rules and prevents them from violating them unintentionally.
Unrestricted. Beginning in PowerShell 6.0, this is the default execution policy for non-Windows computers and can't be changed. Loads all configuration files and runs all scripts. If you run an unsigned script that was downloaded from the internet, you're prompted for permission before it runs.
This policy is unsafe in any environment, and should be applied only when you know what you are doing. Also, keep in mind the scope at which you set this policy. More on this later in the post. The Unrestricted Execution Policy lets you run PowerShell scripts without any restrictions.
Per the comments, there should be no particular difference with how these execution policies behave. However Bypass
is intended to be used when you are temporarily changing the execution policy during a single run of Powershell.exe
, where as Unrestricted
is intended to be used if you wish to permanently change the setting for the execution policy for one of the system scopes (MachinePolicy, UserPolicy, Process, CurrentUser, LocalMachine).
Some examples:
You are on a system where you want to change the execution policy to be permanently unrestricted so that any user could run any PowerShell script without issue. You would run:
Set-ExecutionPolicy Unrestricted
You are on a system where the execution policy blocks your script, but you want to run it via PowerShell and ignore the execution policy when run. You would run:
powershell.exe .\yourscript.ps1 -executionpolicy bypass
You run Powershell.exe on a system where the execution policy blocks the execution of scripts, but you want to change this policy just for the life of the interactive powershell.exe session that you're in. You would run:
Set-ExecutionPolicy Bypass -Scope Process
The difference is in the descriptions you gave in the question. Unrestricted allows you to indulge in the illusion that all computers run windows, only use NTFS, and only download things with browsers that save ADS. In fact, if you save a file in windows to a FAT filesystem or network share that isn't using NTFS on the server, or download it another way such as with git, powershell believes it is locally created no matter where it came from. Bypass doesn't check for any of this and just runs everything. Unrestricted is supposed to warn you of things it thinks might be dangerous but isn't able to reliably check or determine. Use whichever tickles your fancy.
PS> rm -path file.ps1 -stream zone.identifierDiscuss...
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With