How to Digitally Sign the Powershell Scripts with Microsoft CA in Domain – A step-by-step Guide – Part 4

Go to >> Part-1:Install ADCS service and configure Code Signing Certificate Template
Go to >> Part-2: Request the certificate to sign the script by user1
Go to >> Part-3: Configure GPO to allow only signed scripts and add user1’s certificate to trusted publisher group on domain computers

Now, it’s time to test running the script. Let’s say user2 has recently joined to your company and try to run some script downloaded from internet on Node-2 computer which is a newly domain joined computer. Also, don’t forget to “gpupdate” on client computers after your GPO is changed. Continue reading “How to Digitally Sign the Powershell Scripts with Microsoft CA in Domain – A step-by-step Guide – Part 4”

How to Digitally Sign the Powershell Scripts with Microsoft CA in Domain – A step-by-step Guide – Part 3

3) Configure GPO to allow only signed scripts and add user1’s certificate to trusted publisher group on domain computers
Go to >> Part-1:Install ADCS service and configure Code Signing Certificate Template
Go to >> Part-2: Request the certificate to sign the script by user1
Go to >> Part-4: Run the test scripts

In Part-2, we have signed the script with user1’s certificate. There are some manual works such as adding user1 certificate to trusted publisher group. Let us see how can we automate this process by using GPO.

First of all, we need to export user1 certificate from Node1 computer’s personal store to DC1 computer where we can distribute this certificate via Group Policy. Continue reading “How to Digitally Sign the Powershell Scripts with Microsoft CA in Domain – A step-by-step Guide – Part 3”

How to Digitally Sign the Powershell Scripts with Microsoft CA in Domain – A step-by-step Guide – Part 2

2) Request the certificate the sign the script by user1
Go to >> Part-1:Install ADCS service and configure Code Signing Certificate Template
Go to >> Part-3: Configure GPO to allow only signed scripts and add user1’s certificate to trusted publisher group on domain computers
Go to >> Part-4: Run the test scripts

In the Part-1, we have configured AD CS role and configure certificate template. Now, it’s time that user1 request his certificate and sign his script. On the Node-1 computer with user1 logged on as domain user: Continue reading “How to Digitally Sign the Powershell Scripts with Microsoft CA in Domain – A step-by-step Guide – Part 2”

How to Digitally Sign the Powershell Scripts with Microsoft CA in Domain – A step-by-step Guide – Part 1

Go to >> Part-2: Request the certificate the sign the script by user1
Go to >> Part-3: Configure GPO to allow only signed scripts and add user1’s certificate to trusted publisher group on domain computers
Go to >> Part-4: Run the test scripts

This is a lengthy post of how to digitally sign your powershell script, so I divide it up to 4 sections.  Digitally signing of powershell script, for the security purpose, is particularly useful to prevent the execution of malicious scripts on servers or workstations in your domain environment. Today, I will show you how to sign your powershell scripts from Microsoft CA and use GPO to control the execution of unsigned scripts in domain environment. Continue reading “How to Digitally Sign the Powershell Scripts with Microsoft CA in Domain – A step-by-step Guide – Part 1”