Introduction to Windows PowerShell Part 1
Introduction to Windows PowerShell Part 2
Introduction to Windows PowerShell Part 3
PowerShell Script Signing
PowerShell Scheduled Tasks
PowerShell Networking Tasks
Powershell Advanced Tutorials
Anyone just starting out with PowerShell has probably tried to run a script only to see this error:
echo get-help > test.ps1 test.ps1 .\test.ps1 File C:\scripts\test.ps1 cannot be loaded because the execution of scripts is disabled on this system. Please see "get-help about_signing" for more details.As part of PowerShell's "secure by default" initial setup, scripts are not allowed to be ran by the command interpreter. This behavior can be modified by changing the PowerShell execution policy. There are four execution polices to choose from.
PS C:\scripts> Get-ExecutionPolicy Restricted PS C:\scripts> Set-ExecutionPolicy RemoteSigned PS C:\scripts> Get-ExecutionPolicy RemoteSignedDetailed information about each policy level can be found in the get-help about_signing help file.
C:\Program Files\Microsoft Visual Studio 8\SDK\v2.0>makecert -n "CN=PowerShell Local Certificate Root" -a sha1 ` -eku 126.96.36.199.188.8.131.52.3 -r -sv root.pvk root.cer ` -ss Root -sr localMachine C:\Program Files\Microsoft Visual Studio 8\SDK\v2.0>makecert -pe -n "CN=PowerShell User" -ss MY -a sha1 ` -eku 184.108.40.206.220.127.116.11.3 -iv root.pvk -ic root.cerAfter running these commands you will be prompted to provide passwords. There are a number of ways to determine if the cert was created correctly including looking in the Certificated snap-in MMC or running the following PowerShell command (includes output):
PS C:\scripts> get-childitem cert:\CurrentUser\My -codesigning Directory: Microsoft.PowerShell.Security\Certificate::CurrentUser\My Thumbprint Subject ---------- ------- 1A06757DE2EA2AA89D5CCB7E5730ED090D92D88E CN=PowerShell UserSign the Script
echo get-location > signed-script.ps1We now have our one line script created, let's sign it.
$cert = @(Get-ChildItem cert:\CurrentUser\My -codesigning) Set-AuthenticodeSignature signed-script.ps1 $cert Directory: C:\scripts SignerCertificate Status Path ----------------- ------ ---- 1A06757DE2EA2AA89D5CCB7E5730ED090D92D88E Valid signed-script.ps1Hey, that was easy. If you open up your script file in an editor you'll notice that it now has a large signature block section in it. Use Get-AuthenticodeSignature to see the file's new signature details.