Hey folks, it's time to get your pens out because we're signing autographs! No, but really, today we're talking about how to sign your PowerShell scripts so no one can steal your genius-ness. You'll have proof it's not theirs and that you are, in fact, the Bill Nye of your office.
PowerShell and Execution Policy
To get things started, Jordan and Kris first review execution policy and scope. Then, they'll discuss the importance of self-signed certificates and signing your scripts.
Signing the Script: 11:04
Group Policy and Execution Policy
Question: Dear PowerShell Gurus, can I use "Run Command" with PowerShell if my Execution-Policy is set to AllSigned? 20:48
Question: If I were to use a signed cert that wasn't self-signed, would I have to add it to trusted publishers in the GPO? 25:06
Question: Can you show where to configure group policy to require signed scripts? 27:23
Question: How can you use PKI to protect secure strings that need to be saved to disk using AES encryption? 28:15
Question: Is there a way to automate refreshing self-signed certs in Windows Server? 31:16
Question: Our anti-virus blocks PDQ Deploy scripts even though the actual script is signed because PDQ uses a wrapper.ps1 file. Any ideas? 33:20
Question: How do I force Deploy to run PS as _ise.exe as default and not Powershell.exe without converting to a Standard Package? 35:09
Question: How can you recursively sign all PS1 files in a directory? 39:02
Question: Can you explain why allowing unsigned scripts is dangerous if you are the only admin and all users are unprivileged non-admins? 40:07
That's a Wrap
Alyssa was an employee at PDQ.