Hey folks, it's time to get your pens out because we're signing autographs! No, but really, today we're talking about how to sign your PowerShell scripts so no one can steal your genius-ness. You'll have proof it's not theirs and that you are, in fact, the Bill Nye the Science Guy of your office.
To get things started, Jordan and Kris first review execution policy and scope. Then, they'll discuss the importance of self-signed certificates and signing your scripts.
Execution policy and scope: 0:36
Self signed certificates: 3:23
Signing the Script: 11:04
Group Policy / Assign Execution Policy and Push Cert: 13:28
Set execution policy: 20:17
Question: Dear Powershell Gurus, can I use "Run Command" with PowerShell if my Execution-Policy is set to AllSigned? 20:48
Question: If I were to use a signed cert that wasn't self-signed, would I have to add it to trusted publishers in the GPO? 25:06
Question: Can you show where to configure group policy to require signed scripts? 27:23
Question: How can you use PKI to protect secure strings that need to be saved to disk using AES encryption? 28:15
Question: Is there a way to automate refreshing self-signed certs in Windows Server? 31:16
Question: Our anti-virus blocks PDQ Deploy scripts even though the actual script is signed because PDQ uses a wrapper.ps1 file. Any ideas? 33:20
Question: How do I force Deploy to run PS as _ise.exe as default and not Powershell.exe without converting to a Standard Package? 35:09
Question: How can you recursively sign all PS1 files in a directory? 39:02
Question: Can you explain why allowing unsigned scripts is dangerous if you are the only admin and all users are unprivileged non-admins? 40:07
We're glad you stuck around to review this webcast. Hopefully, now you know the why behind signing PowerShell scripts. Make sure you catch us next time, we're live every Thursday @ 10 am MST. Until then, cheers!