記錄學習經過 Terminal上出現「因為這個系統上已停用指令碼執行,所以無法載入…」
9 min readOct 12, 2020
不論是跟著教學或是進行一些設定,常會在Teminal上輸入指令,而有時候會出現「因為這個系統上已停用指令碼執行,所以無法載入…」,找了一下解決方式之後,想說就來記錄一下
這個問題是因為Windows上的安全性設置,主要是避免執行了一些不安全的指令來源,因此在一般的狀況下 Windows 的執行原則 (Set-ExecutionPolicy) 預設是 Restricted
Windows PowerShell 的腳本檔上的執行原則有下列幾種:
(翻譯主要來自Google translate,加上一點修正)
AllSigned
- Scripts can run. ─ 腳本可以執行
- Requires that all scripts and configuration files be signed by a trusted publisher, including scripts that you write on the local computer. ─ 要求所有腳本和配置文件均由受信任的發布者簽名,包括本機上編寫的腳本。
- Prompts you before running scripts from publishers that you haven’t yet classified as trusted or untrusted. ─ 在運行尚未歸類為受信任或不受信任的發布者的腳本之前會提示您。
- Risks running signed, but malicious, scripts. ─ 運行帶有簽名但有惡意的腳本的風險。
- 即僅限經過可信任的發布者簽屬才可執行
Bypass
- Nothing is blocked and there are no warnings or prompts. ─ 不進行任何阻擋,亦沒有警告或提示
- This execution policy is designed for configurations in which a PowerShell script is built in to a larger application or for configurations in which PowerShell is the foundation for a program that has its own security model. ─ 此執行原則設計用於將PowerShell腳本內置到較大的應用程序中的配置,或者用於以PowerShell為具有自己的安全模型的程序的基礎的配置。
- 意思是供PowerShell使用
Default
- Sets the default execution policy. ─ 設置默認的執行原則。
- Restricted for Windows clients. ─ Windows客戶端採取Restricted原則
- RemoteSigned for Windows servers. ─ Windows servers端則採取RemoteSigned原則
- 即預設模式
RemoteSigned
- The default execution policy for Windows server computers. ─ Windows server計算機默認的執行原則
- Scripts can run. ─ 腳本可以執行
- Requires a digital signature from a trusted publisher on scripts and configuration files that are downloaded from the internet which includes email and instant messaging programs. ─ 需要從可信任的發布者處獲得從網路上下載的腳本和配置文件的電子簽名,其中包括電子郵件和即時通訊程式。
- Doesn’t require digital signatures on scripts that are written on the local computer and not downloaded from the internet. ─ 電子簽名不必在本機電腦上撰寫且並非從網路上下載
- Runs scripts that are downloaded from the internet and not signed, if the scripts are unblocked, such as by using the
Unblock-Filecmdlet. ─ 如果是從網路上下載且沒有被阻擋的腳本,如使用Unblock-Filecmdlet,仍然執行 - Risks running unsigned scripts from sources other than the internet and signed scripts that could be malicious. ─ 執行來自非由網路上取得的腳本或已簽屬但可能具有惡意的腳本
- 如果是本機電腦上撰寫的腳本檔案,不論是否簽屬,如果是來自遠端下載,則需經由可信任者處簽屬即可執行
Restricted
- The default execution policy for Windows client computers. ─ Windows客戶端計算機的默認執行原則。
- Permits individual commands, but does not allow scripts. ─ 允許使用個別指令,但不允許使用腳本。
- Prevents running of all script files, including formatting and configuration files (
.ps1xml), module script files (.psm1), and PowerShell profiles (.ps1). ─ 阻止所有腳本文件執行,包括格式和配置文件(.ps1xml),模組腳本文件(.psm1)和PowerShell配置文件(.ps1)。 - 只要是腳本文件,就不可執行,惟個別指令可以
Undefined
- There is no execution policy set in the current scope. ─ 未設置任何執行策略
- If the execution policy in all scopes is Undefined, the effective execution policy is Restricted for Windows clients and RemoteSigned for Windows Server. ─ 如果所有執行原則均為未定義,則Windows客戶端及Windows Server都採取默認,即對於Windows客戶端,有效的執行原則為“Restricted”;對於Windows Server,則為“RemoteSigned”。
Unrestricted
- The default execution policy for non-Windows computers and cannot be changed. ─ non-Windows計算機默認的執行原則,且不能被更改
- Unsigned scripts can run. There is a risk of running malicious scripts. ─ 未簽屬的腳本仍可執行,具執行含惡意腳本的風險
- Warns the user before running scripts and configuration files that are not from the local intranet zone. ─ 在非本地網域執行腳本和配置文件時警告使用者
- 即解除所有限制,惟在非本地網域執行時僅提醒使用者
查看目前的執行原則
在Terminal上輸入Get-ExecutionPolicy指令
另:輸入Get-ExecutionPolicy -List指令可以看到詳細的執行原則
接下來就是解決出現「因為這個系統上已停用指令碼執行,所以無法載入…」的問題
調整執行策略
輸入Set-ExecutionPolicy RemoteSigned指令
記得要用系統管理者身分執行Windows PowerShell,否則會這樣
輸入完指令後會出現執行原則變更的詢問
按 A 即可完成
變更完成!
變更的原則是RemoteSigned,算是較安全的原則
參考: