Bypass vs Unrestricted execution policies
The difference is in the descriptions you gave in the question. Unrestricted allows you to indulge in the illusion that all computers run windows, only use NTFS, and only download things with browsers that save ADS. In fact, if you save a file in windows to a FAT filesystem or network share that isn't using NTFS on the server, or download it another way such as with git, powershell believes it is locally created no matter where it came from. Bypass doesn't check for any of this and just runs everything. Unrestricted is supposed to warn you of things it thinks might be dangerous but isn't able to reliably check or determine. Use whichever tickles your fancy.
PS> rm -path file.ps1 -stream zone.identifierDiscuss...
Per the comments, there should be no particular difference with how these execution policies behave. However Bypass
is intended to be used when you are temporarily changing the execution policy during a single run of Powershell.exe
, where as Unrestricted
is intended to be used if you wish to permanently change the setting for the execution policy for one of the system scopes (MachinePolicy, UserPolicy, Process, CurrentUser, LocalMachine).
Some examples:
You are on a system where you want to change the execution policy to be permanently unrestricted so that any user could run any PowerShell script without issue. You would run:
Set-ExecutionPolicy Unrestricted
You are on a system where the execution policy blocks your script, but you want to run it via PowerShell and ignore the execution policy when run. You would run:
powershell.exe .\yourscript.ps1 -executionpolicy bypass
You run Powershell.exe on a system where the execution policy blocks the execution of scripts, but you want to change this policy just for the life of the interactive powershell.exe session that you're in. You would run:
Set-ExecutionPolicy Bypass -Scope Process