While setting my ExecutionPolicy to Unrestricted, I got the following error:
Set-ExecutionPolicy : Windows PowerShell updated your execution policy successfully, but the setting is overridden by a policy defined at a more specific scope. Due to the override, your shell will retain its current effective execution policy of Restricted.
I was trying to run the command
Set-ExecutionPolicy -ExecutionPolicy Unrestricted
But that didn’t work out well.
Troubleshoot the setting is overridden by a policy
Luckily the error also gave me some hints:
Type “Get-ExecutionPolicy -List” to view your execution policy settings.
When I ran that command, it returned:
PowerShell contains multiple scopes. Each scope has its preference. As long as a Scope is set to Undefined, it won’t hinder. But ifa more specific scope is configured, that scope’s execution policy wins.
Fix Windows PowerShell setting is overridden
To fix Windows PowerShell setting is overridden, I had to set the ExecutionPolicy of the CurrentUser to Unrestricted (or Undefined). To do so, run this cmdlet in Powershell:
Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope CurrentUser
Set-ExecutionPolicy -ExecutionPolicy Undefined -Scope CurrentUser
Error Windows PowerShell updated your execution policy successfully, but the setting is overridden by a policy defined at a more specific scope didn’t show up anymore.
In your case, another Scope may be set to Restricted. Replace the scope name if needed. For example:
Set-ExecutionPolicy -ExecutionPolicy Undefined -Scope Process
A final note about winning policies
The most specific scope wins, but it also overrides the less specific scope.
It’s different from setting NTFS permissions for example. In NTFS, a combination of Deny Access on a user, and Allow Access to a group, will result in a Deny. Because Deny always wins.
In Powershell’s execution policy, a combination of CurrentUser Unrestricted, and LocalMachine Restricted, will result in an Unrestricted policy.
The default setting of ExecutionPolicies is Undefined for all, except for LocalMachine. That should be set to Restricted. Which can then lead to other errors as I described in a previous post
Setting the LocalMachine policy only would be my advice. It is often not needed to define multiple levels.