Execution policies

mikener · March 4, 2025, 8:55pm

I am new to Flutter. In addition, I am not a windows Guru. My background is in C#. Everytime I try to run Flutter through VS Code the following error comes up.

File C:\flutterdev\flutter\bin\internal\update_engine_version.ps1 cannot be loaded because running scripts is disabled on this system. For more information, see about_Execution_Policies at https:/go.microsoft.com/fwlink/?LinkID=135170.

No matter how I set the execution policy I get the same error. I am hoping that someone can help me. This has prevented me from running an Android emulator.

Thanks in advance.

evaluator118 · March 5, 2025, 7:05pm

.ps1 is a PowerShell script. PowerShell is a shell (like bash) that uses .net to do what other shells do as a script. It is a VERY powerful shell and just because of this power, it can, literally, blow up your system, so there is this thing called Execution Policies that prevents you to run scripts that can be harmful.

In this case, the script is trying to run something with more permissions than you have available.

You could set the execution policy in an admin terminal with something like Set-ExecutionPolicy -ExecutionPolicy RemoteSigned. But I’m not sure Flutter’s team has signed those scripts.

These are the options: Set-ExecutionPolicy (Microsoft.PowerShell.Security) - PowerShell | Microsoft Learn

Be aware that disabling security is NEVER a good strategy (there are some Python scripts in github that uses white space to add malicious code outside the scroll area of GitHub, so, when you run the script, it will add a malware in your system)

That’s why you should NEVER do stuff like this (grabbing a shell script and just pasting on a terminal):

Sure, if do not run the terminal (or anything else) as admin, Windows is not so unsafe, but…

mikener · March 6, 2025, 3:26pm

Thanks for the response. I share the same concern that you do - that if I change the execution policy that I am opening up my computer to threats. What do you suggest to eliminate the error that I detailed in my original post?

Thanks

evaluator118 · March 6, 2025, 4:40pm

There isn’t much you can do, other than allow PS to execute scripts.

PS is a wonderful tool (as all Microsoft dev tools are), but it is stupid (as all Microsoft products are): it should have an option to set policies to a folder or to a file, but, no, it’s 8 or 80 (I guess the Internet Explorer “security” team worked on that).

evaluator118 · March 7, 2025, 7:55pm

Another solution (which I use for years now).

I just realized that those scripts are called only when upgrading Flutter, right?

If you use something like FVM (https://fvm.app/), you could replace your entire Flutter folder using:

fvm remove 3.29.0
fvm global 3.29.1

This will remove the old Flutter version and install a new one. You don’t NEED to actually use fvm run something, you can use it only to mantain different versions of flutter in the same machine.

I have an old project that doesn’t work on 3.27 onwards, so I have an old version of Flutter installed for that. Whenever I want to work on that project, I just do a fvm global 3.24.5 and we’re done. When I need to go back to my new projects, fvm global 3.29.1. It is possible to make Flutter run on a different flutter version per folder (I just never did that way).

And, BTW, install fvm through homebrew. The other methods never worked for me.

mikener · March 8, 2025, 9:38pm

Thanks. I do have the latest version of flutter and dart installed. It seems as if whenever you issue the flutter or dart command that the first thing it does is to want to upgrade. I am at a loss as to what I should do. It appears that the only way around this might be to change the execution policy.

I am not sure which scope to use (MachinePolicy, UserPolicy, Process, CurrentUser or LocalMachine). In addition I am not sure what execution policy to use (AllSigned, ByPass, Default, RemoteSigned, Restricted, Undefined or Unrestricted). I am afraid that if I open things up to this script improperly, that I am opening up my device to be attacked.

Thanks. I really do appreciate your help.

evaluator118 · March 9, 2025, 1:18am

MachinePolicy: Global setting for all users
UserPolicy: Setting for current user only
Process: only the current terminal/powershell instance
CurrentUser: only the current ayuthenticated user
LocalMachine: all users in the local machine

I would set unrestricted for CurrentUser. Never had any issues in all those years (also, I would never download and execute an untrusted script and/or binary - that’s why Windows Sandbox exists).

mikener · March 9, 2025, 4:34pm

Thank you for all your help. I really appreciate it.

At the bottom of this response is a list of the policy settings for my community. For some reason when I tried the change the you suggested one of previous policies overrode the change. I received the following error:

Set-ExecutionPolicy : Windows PowerShell updated your execution policy successfully, but the setting is overridden by
a policy defined at a more specific scope.

When I tried to set the execution policy for the Process scope (I assumed that the previous policy scope is Process), I got the same error so I tried the policy before that - the UserPolicy. I got the following error about the group policy:

Set-ExecutionPolicy : Cannot set execution policy. Execution policies at the MachinePolicy or UserPolicy scopes must
be set through Group Policy.

This stuff is very confusing. Tomorrow I am going to look at how to set the group policy.

   Scope ExecutionPolicy
    ----- ---------------

MachinePolicy Restricted
UserPolicy Undefined
Process Undefined
CurrentUser RemoteSigned
LocalMachine RemoteSigned

Thanks again.