PowerShell: How to digitally sign PowerShell scripts


If your environment enforces strict PowerShell security so that only digitally signed scripts can run on the systems, the easy way forward is to digitally sign your PowerShell scripts so they are allowed to execute.

This guide does not include instructions on how to create a certificate or how to distribute it to client computers. Before you continue and use the script below, you need to create a certificate and install it on your client or clients.

The script below signs a specified PowerShell script with a certificate from your certificate store.
The first command creates a variable that holds the specified certificate (replace Cert:\CurrentUser\My with your own certificate path).
The second command digitally signs the specified PowerShell script with the certificate held in the variable from the first command (replace .\delete-sccm-client-cache.ps1 with your own PowerShell script path).
The third command shows the signing information from the PowerShell script (replace .\delete-sccm-client-cache.ps1 with your own PowerShell script path).

The certificate path and the script path in the commands should be replaced with your own certificate and PowerShell script.

# Take the first code-signing certificate from the current user's store
$acert = (Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert)[0]
# Sign the script with that certificate
Set-AuthenticodeSignature .\delete-sccm-client-cache.ps1 -Certificate $acert
# Show the signature information now attached to the script
Get-AuthenticodeSignature .\delete-sccm-client-cache.ps1 | Format-Table -AutoSize
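
Taking element [0] signs with whichever code-signing certificate happens to be listed first, even an expired one, and the commands above do not stop if the signature fails to validate. The following is an added example, not part of the original post, that selects a currently valid certificate and aborts unless the signature status is Valid; $ScriptPath and $TimestampUrl are assumed names, and the timestamp URL is left empty for you to fill in.

```powershell
# Added example (not from the original post).
# Assumptions: $ScriptPath and $TimestampUrl are illustrative variable names.
$ScriptPath   = '.\delete-sccm-client-cache.ps1'
$TimestampUrl = $null   # optionally set to your CA's timestamp service URL

# Choose a code-signing certificate that has a private key and is inside its
# validity period, preferring the one that expires last.
$now  = Get-Date
$cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
    Where-Object { $_.HasPrivateKey -and $_.NotBefore -le $now -and $_.NotAfter -gt $now } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1

if (-not $cert) {
    throw 'No usable code-signing certificate found in Cert:\CurrentUser\My.'
}

# Build the signing parameters; add a timestamp only when a server is configured,
# so the signature can still be verified after the certificate expires.
$signParams = @{
    FilePath      = $ScriptPath
    Certificate   = $cert
    HashAlgorithm = 'SHA256'
}
if ($TimestampUrl) { $signParams.TimestampServer = $TimestampUrl }

$null = Set-AuthenticodeSignature @signParams

# Re-read the signature from the file; anything other than Valid is a failure
# (for example NotSigned, HashMismatch, NotTrusted or UnknownError).
$sig = Get-AuthenticodeSignature -FilePath $ScriptPath
if ($sig.Status -ne 'Valid') {
    throw "Signature check failed: $($sig.Status) - $($sig.StatusMessage)"
}

# Report who signed the file and whether a timestamp is present.
$sig | Format-List Path, Status,
    @{ Name = 'Signer';      Expression = { $_.SignerCertificate.Subject } },
    @{ Name = 'Thumbprint';  Expression = { $_.SignerCertificate.Thumbprint } },
    @{ Name = 'Timestamped'; Expression = { [bool]$_.TimeStamperCertificate } }
```

Running Get-AuthenticodeSignature again after any later edit to the script returns HashMismatch, which is a quick way to confirm that a signed file has not been changed since signing.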
