I work for an outsourcing company. We are trying to introduce PowerShell Remoting and punch holes through the appliance firewalls in between different subnets.
However, there is one major requirement: they want to be absolutely sure that the scripts that are running on it have a signed certificate. The concern that they have is that people can use Bypass to get past that. Is there any way that we can remove that?
Thanks, Don, for replying. Let's say they create a scheduled task to say 'powershell.exe -bypass ...' Our client's security team are saying that they don't want to turn on remoting if the bypass option. I thought about using the GPO to set it.
When I say 'it' I mean the remote endpoints, not the local machines.
There are lots of ways to "bypass" execution policy that do not involve using the -bypass parameter. In the end, execution policy is not there to be a security mechanism to protect you against rogue admins that will not follow the corporate policy.
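
An audit for the two things raised in this thread, the GPO-set policy and scheduled tasks that launch PowerShell with a policy override, added here as an example that is not from any poster in the thread. It assumes Windows PowerShell 3.0 or later with the ScheduledTasks module (`Get-ScheduledTask`) on the endpoint; the function names and sample strings are made up for illustration.

```powershell
# Added example. Run locally or through Invoke-Command on the remote endpoints.
function Test-PolicyOverrideArgument {
    param([string]$Arguments)
    # -ExecutionPolicy or its short forms (-ex..., -ep) followed by Bypass/Unrestricted.
    $Arguments -match '(?i)(^|\s)[-/](ex[a-z]*|ep)\s+["'']?(bypass|unrestricted)\b'
}

function Get-ExecutionPolicyReport {
    # MachinePolicy and UserPolicy are the Group Policy scopes; they rank above the
    # Process scope, which is the scope the -ExecutionPolicy parameter sets.
    $gpo = Get-ExecutionPolicy -List | Where-Object {
        [string]$_.Scope -in 'MachinePolicy', 'UserPolicy' -and
        [string]$_.ExecutionPolicy -ne 'Undefined'
    }
    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        Effective = Get-ExecutionPolicy
        GpoScopes = ($gpo | ForEach-Object { "$($_.Scope)=$($_.ExecutionPolicy)" }) -join ', '
        SetByGpo  = [bool]$gpo
    }
}

function Get-PolicyOverrideTask {
    # Scheduled tasks whose action launches PowerShell with a policy override.
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            if ($action.Execute -match '(?i)(powershell|pwsh)(\.exe)?"?\s*$' -and
                (Test-PolicyOverrideArgument $action.Arguments)) {
                [pscustomobject]@{
                    Task      = $task.TaskPath + $task.TaskName
                    RunAs     = $task.Principal.UserId
                    Arguments = $action.Arguments
                }
            }
        }
    }
}

# Constructed sample argument strings (not taken from the thread).
$samples = '-NoProfile -ExecutionPolicy Bypass -File C:\Jobs\a.ps1',
           '-ep bypass -File C:\Jobs\b.ps1',
           '-NoProfile -File C:\Jobs\c.ps1'
$samples | ForEach-Object { '{0,-5} {1}' -f (Test-PolicyOverrideArgument $_), $_ }

Get-ExecutionPolicyReport
Get-PolicyOverrideTask
```

The report shows whether the effective policy comes from Group Policy; the task scan only matches the command-line parameter form, so it is a hygiene check rather than proof that unsigned code cannot run.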