
PowerShell script signing the easy way

Let's take a look at how to do PowerShell script signing the easy way by bypassing the execution policy when we call our PowerShell script.

So I wanted to throw a quick blog post out there on PowerShell script signing the easy way. The title is a little bit tongue in cheek, as I don’t want to detail how to sign PowerShell scripts but rather how not to have to do this. Let’s see how we can run the scripts you need automatically and still maintain the PowerShell security on your box that you need. If you have looked into PowerShell script or code signing, you will have seen that it is fairly involved even if you use a self-signed certificate. So how can we “sign” a script so that we can run it?

PowerShell script signing the easy way

Well, the answer is that we don’t sign it. By using a scheduled task, we can do what we need to do: bypass the execution policy for one particular script invocation and leave the machine's configured policy in place, all without signing the script. This is especially helpful if the script is part of an automatic job that we want to run without user intervention.

Many forget, when they need to run PowerShell code automatically, that a scheduled task lets you pass the appropriate flags directly, without having to call the script from a batch file or by some other means, which often doesn’t work correctly. In the batch/cmd file approach, you literally set the execution policy, run your script, and set the policy back. However, this can get messy.

Scheduled Task

By utilizing a scheduled task and the Arguments field, we can pass the appropriate flags to bypass the execution policy on a particular script. The scheduled task Action properties will look something like the following. Notice the Program/script section is calling the PowerShell executable.

C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe

Next let’s look at the Add arguments (optional): field. This is where we do all the heavy lifting. Note below, we set the execution policy to Bypass and then feed it the .ps1 file.

-executionpolicy Bypass -file c:\myfolder\my.ps1

The scheduled task action will look similar to this:

[Screenshot: bypass01]
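Because the policy is bypassed for these tasks, whoever can modify the .ps1 file decides what the task runs. The following added example (not from the original post; the function names are hypothetical) lists scheduled tasks that call powershell.exe with -ExecutionPolicy Bypass -File and reports the run-as account, the script's Authenticode status, and which identities have write access to the script. It assumes Windows with the ScheduledTasks module.

```powershell
# Added example (not from the original post). Function names are hypothetical.
# Requires Windows with the ScheduledTasks module; run elevated to see all tasks.

function Get-BypassScriptPath {
    param([string]$Arguments)
    # -ExecutionPolicy may be abbreviated (-ex, -exec, ...) or aliased as -ep.
    if ($Arguments -notmatch '(?i)-(?:ep|ex[a-z]*)\s+bypass\b') { return $null }
    # Capture the -File target, quoted or unquoted.
    if ($Arguments -match '(?i)-f[a-z]*\s+(?:"([^"]+)"|(\S+))') {
        if ($Matches[1]) { return $Matches[1] }
        return $Matches[2]
    }
    return $null
}

function Get-BypassTaskReport {
    $writeBits = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData'
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            # Non-exec actions (COM handlers) have no Execute property and are skipped.
            if ($action.Execute -notmatch '(?i)powershell(\.exe)?"?\s*$') { continue }
            $script = Get-BypassScriptPath -Arguments $action.Arguments
            if (-not $script) { continue }
            $script = [Environment]::ExpandEnvironmentVariables($script)

            $signature = 'FileMissing'
            $writers   = @()
            if (Test-Path -LiteralPath $script -PathType Leaf) {
                $signature = (Get-AuthenticodeSignature -LiteralPath $script).Status
                # Anyone listed here can change what the task executes.
                $writers = (Get-Acl -LiteralPath $script).Access |
                    Where-Object { $_.AccessControlType -eq 'Allow' -and
                                   ($_.FileSystemRights -band $writeBits) -ne 0 } |
                    ForEach-Object { $_.IdentityReference.Value } |
                    Sort-Object -Unique
            }
            [pscustomobject]@{
                Task      = $task.TaskPath + $task.TaskName
                RunAs     = $task.Principal.UserId
                Script    = $script
                Signature = $signature
                CanWrite  = $writers -join '; '
            }
        }
    }
}

# Constructed sample matching the arguments shown in this post:
Get-BypassScriptPath -Arguments '-executionpolicy Bypass -file c:\myfolder\my.ps1'
Get-BypassTaskReport | Format-List
```

A Signature value of NotSigned is expected for tasks set up as this post describes; the CanWrite column is the one to review against the account in RunAs.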

Final Thoughts

Signing scripts is certainly a good idea when thinking about the total security implementation with PowerShell. However, we can do “PowerShell script signing the easy way” by simply bypassing the PowerShell execution policy as we call the script.


Brandon Lee

Brandon Lee is the Senior Writer, Engineer and owner at Virtualizationhowto.com, and a 7-time VMware vExpert, with over two decades of experience in Information Technology. Having worked for numerous Fortune 500 companies as well as in various industries, he has extensive experience in various IT segments and is a strong advocate for open source technologies. Brandon holds many industry certifications, loves the outdoors and spending time with family. Also, he goes through the effort of testing and troubleshooting issues, so you don't have to.
