Absolute newbee here and pumped up after watching an old course on MVA with Jeffrey Snover and Jason Helmick.
I'm trying to get my scripts to execute. The scripts were all working fine, the execution policy is set to remote signed and yesterday, I swear all was working fine. Today however I can't run the scripts. I tried the unblock-file and the block is gone. However, it's not working so I decided that having a selfsigned cert might help.
So I used the get-help command and came up with the following lines. If you could point me in the right direction or give me some advice I'd be very grateful.
New-SelfSignedCertificate -FriendlyName "CodesigningCertificate" -Type Custom -KeyAlgorithm RSA -KeyLength 2048 -KeyUsage CertSign -CertStoreLocation "cert:\localmachine\my" -subject "Christian Held"
I wanted to create the cert under cert:\localmachine\my
Then I tried this:
PS C:\scripts\my_scripts> $Mycert = dir Cert:\LocalMachine\My\4A5CEDDBE853388EF77184570B5C45D9A9807C7D PS C:\scripts\my_scripts> Set-AuthenticodeSignature .\get_latest_10_eventlog.ps1 -Certificate $Mycert
I think you're down a bit of a rabbit hole. If the scripts aren't running – what DOES happen? Do you get an error message, or does just literally nothing occur?
Self-signed certificates are the devil's testicles. Let's not play with them. They're not going to help, anyway.
You can create a SSC anywhere and just import it into the user or computer store.
You can do this on the fly, using the same cmdlet, but you need to specify it.
New-SelfsignedCertificateEx -Subject "CN=www.domain.com" -EKU "Server Authentication", "Client authentication" ` -KeyUsage "KeyEncipherment, DigitalSignature" -SAN "sub.domain.com","www.domain.com","192.168.1.1" ` -AllowSMIME -Path C:\test\ssl.pfx -Password (ConvertTo-SecureString "P@ssw0rd" -AsPlainText -Force) -Exportable ` -StoreLocation "LocalMachine"
Hi Don / postanote
I honestly don't know what was up yesterday. I only tried my script np.ps1 which contained a simple set-alias command for notepad. I found that file to be empty and it said software was blocked. Unfortunately I didn't do a set-transcript to log it all.
But the fact is that after I populated the then empty???? np.ps1 file it worked! And as a matter of fact all other scripts are working fine too now without me having done anything else?
I used the command to unblock all files which I found during the MVA video yesterday and was shocked that powershell complained about the scripts not being able to run despite having set the policy to remote signed.
Fact is I can't tell you why it was doing that as all other scripts from the MVA course workied yesterday too. With certificates I think it's right with the rabbit hole. But I love going down that root. It should work since makecert apparently is deprecated and new-selfsignedcertificate is now supposed to be used.
Postanote, I'll check your command and see if that works for me.
Again thanks again for your quick and friendly answers.
You must be logged in to reply to this topic.