Understanding Powershell ExecutionPolicy and securing Powershell CmdLets/Scripts with Code-Signing Certificate

-

One of the great things about Powershell is that its powerful and at the same time very safe. Powershell script cannot be executed as is unless user provides permission to execute PS script/cmdlet/module. This is generally set through Powershell Execution Policy. There are four types of Execution Policy:

  • Allsigned
  • RemoteSigned
  • Restricted
  • Unrestricted
AllSigned - Scripts will run only if they have been signed by a trusted publisher.
RemoteSigned - Scripts created locally will run, but those downloaded from the Internet will not (unless they are digitally signed by a trusted publisher).
Restricted - Scripts won’t run.
Unrestricted - Scripts will run regardless of where they have come from and whether they are signed.

 Ideally, all PS scripts should be digitally signed by a code-signing certificate. But in case, you don't want to buy an expensive code-signing certificate from a Certification Authority (CA), you can create a Self-Signed certificate and then add it to your Trusted store. Generally, these are the steps you will need to execute to create a self-signed certificate.

myScript.ps1 is a simple Powershell scripts that only prints hello world to console.

But once the script is digitally signed, a signature is added at the end that the script is from trusted authority and there have been to modification to the original script.


Remember, you need to add your self-signed certificate to Trusted Root in your Windows. Generally,


  1. Open RUN type mmc 
  2. File > Add or Remove Snap-in..
  3. Select Certificate from snap-in menu, click Add (against my user account)
  4. Expand Certificate - Current User
  5. Expand Personal > Certificate
  6. Find you certificate in here (in this case its Imran Aftab Rana)
  7. Simply drag-n-drop it to Certificate - Current User > Certificate
Step 1:


Step 2.0:


Step 3:


Step 3:


Step 4, 5 & 6:


Step 7:


Step 7:


Finally, you can open Powershell in Administrator mode and run the script as follow:


The end result should look something like this:


Comments

  1. Kayal30 March 2019 at 02:31

    Nice content, It is definitely very helpful for my professional workers. I having many kinds of knowledge from your blog..
    Oracle Training in Chennai
    Oracle Training institute in chennai
    Tableau Training in Chennai
    Spark Training in Chennai
    Unix Training in Chennai
    Power BI Training in Chennai
    Oracle DBA Training in Chennai
    Oracle Training in Chennai
    Oracle Training institute in chennai

    ReplyDelete
  2. Reshma30 December 2019 at 04:19

    Thanks for this wonderful blog it is really informative to all.keep update more information about this
    Selenium Training in Chennai
    Selenium Training in Bangalore
    Selenium Training in Coimbatore
    Best selenium training in chennai
    Selenium Training Institute in Bangalore
    Selenium Classes in Coimbatore
    Ielts coaching in bangalore
    German classes in bangalore

    ReplyDelete
  3. Aishu26 July 2020 at 23:31

    I appreciate that you produced this wonderful article to help us get more knowledge about this topic. Keep sharing more blogs like this.
    IELTS Coaching in chennai

    German Classes in Chennai

    GRE Coaching Classes in Chennai

    TOEFL Coaching in Chennai

    spoken english classes in chennai | Communication training

    ReplyDelete
  4. Ali jan28 October 2020 at 12:18

    Other features include success matrices planning of the Salesforce communities that are further followed by participation and engagement levels based performance analysis. Salesforce interview questions and answers

    ReplyDelete
  5. thagukavi7 May 2021 at 07:57

    Amazing Post. keep update more information.
    IELTS Coaching in Chennai
    IELTS Coaching centre in Chennai
    IELTS Online Coaching
    IELTS Coaching in Coimbatore
    IELTS coaching in Madurai

    ReplyDelete
  6. Radhapraveen22 July 2021 at 01:37

    Such a nice blog with the attractive reference links which give the basic ideas on the topic.

    Artificial Intelligence Course in Chennai
    Best AI Courses Online
    Artificial Intelligence Course in Bangalore

    ReplyDelete
  7. Çağrı2132127 September 2023 at 01:04

    https://bayanlarsitesi.com/
    Göktürk
    Yenidoğan
    Şemsipaşa
    Çağlayan
    G31

    ReplyDelete
  8. TimeStormChaser1236 October 2023 at 17:36

    sakarya
    elazığ
    sinop
    siirt
    van
    OAVA

    ReplyDelete
  9. 1D396Laura1B45A9 November 2023 at 06:16

    0FC20
    buy deca durabolin
    Uşak Evden Eve Nakliyat
    Ordu Evden Eve Nakliyat
    order sustanon
    peptides for sale
    Karabük Evden Eve Nakliyat
    Bitlis Evden Eve Nakliyat
    Kütahya Evden Eve Nakliyat
    Maraş Evden Eve Nakliyat

    ReplyDelete
  10. 0F01ALarryB8C9B9 November 2023 at 08:43

    F0C16
    Van Şehir İçi Nakliyat
    Iğdır Evden Eve Nakliyat
    Aksaray Şehirler Arası Nakliyat
    Kırıkkale Şehir İçi Nakliyat
    Siirt Şehir İçi Nakliyat
    Şırnak Parça Eşya Taşıma
    Gölbaşı Parke Ustası
    Aksaray Evden Eve Nakliyat
    Trabzon Şehir İçi Nakliyat

    ReplyDelete
  11. 0C143Rocco255AD9 November 2023 at 14:46

    DB357
    Zonguldak Parça Eşya Taşıma
    Kilis Parça Eşya Taşıma
    Kripto Para Nedir
    Uşak Lojistik
    Manisa Parça Eşya Taşıma
    Artvin Evden Eve Nakliyat
    Kars Lojistik
    Niğde Şehir İçi Nakliyat
    Maraş Parça Eşya Taşıma

    ReplyDelete
  12. 583BAKennethB7F2324 December 2023 at 14:19

    A8CF5
    kırıkkale bedava sohbet uygulamaları
    ücretsiz görüntülü sohbet uygulamaları
    kayseri sohbet uygulamaları
    rize sesli görüntülü sohbet
    Çankırı En İyi Ücretsiz Sohbet Uygulamaları
    şırnak canlı görüntülü sohbet odaları
    antalya mobil sohbet odaları
    igdir canlı sohbet bedava
    van canli goruntulu sohbet siteleri

    ReplyDelete
  13. C1E57Celeste9657726 December 2023 at 09:30

    19F0E
    ücretsiz sohbet odaları
    aydın sohbet uygulamaları
    Giresun Görüntülü Sohbet Kızlarla
    Erzurum Canlı Sohbet Sitesi
    hakkari mobil sohbet sitesi
    telefonda görüntülü sohbet
    canlı sohbet bedava
    canlı sohbet odası
    kütahya canli goruntulu sohbet siteleri

    ReplyDelete
  14. 9A4A2Kaleigh5E9BD5 January 2024 at 09:27

    684B5
    Elazığ Sesli Sohbet Siteler
    Muş Goruntulu Sohbet
    aydın bedava görüntülü sohbet
    Aksaray Canli Sohbet Bedava
    antalya telefonda kadınlarla sohbet
    sesli sohbet siteleri
    sakarya parasız sohbet
    osmaniye canlı görüntülü sohbet odaları
    Karaman Chat Sohbet

    ReplyDelete
  15. C3BBFMaritza505366 January 2024 at 06:05

    47A4A
    Bitcoin Nasıl Çıkarılır
    Coin Üretme
    Chat Gpt Coin Hangi Borsada
    Facebook Grup Üyesi Hilesi
    Bitcoin Üretme Siteleri
    Telegram Görüntüleme Hilesi
    Bee Coin Hangi Borsada
    Telegram Abone Satın Al
    Görüntülü Sohbet

    ReplyDelete
  16. 956BBShannon3FDC06 January 2024 at 07:32

    DA420
    Tiktok Takipçi Hilesi
    Bitcoin Kazanma
    Facebook Takipçi Satın Al
    Periscope Takipçi Hilesi
    Bitcoin Kazanma
    Referans Kimliği Nedir
    Coin Para Kazanma
    Binance Referans Kodu
    Big Wolf Coin Hangi Borsada

    ReplyDelete
  17. 41DA5Samuel4456319 January 2024 at 00:45

    3B463
    Pitbull Coin Hangi Borsada
    Coin Madenciliği Nedir
    Telcoin Coin Hangi Borsada
    Anc Coin Hangi Borsada
    Onlyfans Beğeni Hilesi
    Referans Kimliği Nedir
    Snapchat Takipçi Satın Al
    Referans Kimliği Nedir
    Paribu Borsası Güvenilir mi

    ReplyDelete
  18. ------Takipci3 March 2024 at 03:12

    A0483
    bitexen
    bitget
    kripto para telegram
    kripto para telegram grupları
    kucoin
    vindax
    mexc
    bitcoin ne zaman yükselir
    mobil proxy 4g

    ReplyDelete
  19. 84C61AlanaC9F2B10 May 2024 at 16:06

    47EDE
    Bitcoin Son Dakika Haberleri
    Ftm Coin Yorum
    Bitcoin Yorum
    Lazio Coin Yorum
    Link Coin Yorum
    Eth Coin Yorum
    Fet Coin Yorum
    Ankr Coin Yorum
    BTC Son Dakika Haberleri

    ReplyDelete

Post a Comment

Popular posts from this blog

Implementing Basic and JWT Token authentication with C# .NET

-
Image
Authentication is probably the first thing you will encounter when building a secure Enterprise application and understanding how you can authenticate your application with different authentication protocols including third party authentication flows is really important. Whether you are building an app with ASP.NET, ASP.NET Core, WPF, UWP, Xamarin.Forms Xamarin Android, Xamarin iOS or .NET Core , all these frameworks provides client side networking libraries managed under System.NET namespace. Among all the classes  HttpClient has significant important. It can handle both HTTP and HTTPS connections. The beauty of this class is that it provides both hight level api and low level modification options to work with HTTP connections and you can make any modification  within the pipeline like handling HTTP message request/response, filtering, certificates, authorization and much more. In a nutshell, over HTTP most of the times you will work with two kinds of authentication: 1) Basi
Read more

Setting up Free Custom Domain on Microsoft Azure Web App Service

-
Image
In this blog, we will see how we can get a free domain, create a web app on Microsoft Azure and configure a custom domain on it.We will look into following things: Registering a free domain with  Freenom Creating a Web App in  Microsoft Azure   Configuring a custom domain on Microsoft Azure Web Apps Registering CName and A records on Domain Host-name provider (Freenom) Create and deploy ASP.NET web application on Microsoft Azure Web App through Publish Profile Register Free Domain (.tk) Getting a free domain is not a myth, you can easily obtain a free domain from  Freenom . It provides domains of .tk, .ml, .ga, .cf and .gq host names. The procedure is as follow: Goto  Freenom  and search for the domain name (here I have searched breakthrough77). Search results show availability of name in different domain types. As we can see (as of now) there are five domains available for free. Click on Get it now . After selecting domain, click on Checkout . We can
Read more

.NET Core 3 officially comes to Windows IoT Core

-
Image
Finally, the wait is over! Microsoft announced to support .NET Core on Windows ARM32 devices which means .NET Core will be fully supported on Windows 10 IoT Core. Although there have been few hacks to run .Net Core on Windows 10 IoT Core by the support of community  here  which makes .Net Core runtime component available on Windows IoT Core but the SDK was not available so any DLR features were not available nor you could build .NET Core application from within Windows 10 IoT Core. Here is the step-by-step guide on how to create and run .NET Core 3 apps on Windows 10 IoT Core. Step 1: Download .NET Core 3 preview 2 SDK from  here . Step 2: Extract the SDK zip file in C:\Program Files\dotnet\  directory on Windows 10 IoT Core through ftp service ( on windows go to  RUN then type  \\{ip-address}\c$ where{ip-address} is the ip address of windows iot core). Step 3: Open Powershell  in administrator  mode, initialize a Powershell session with your Windows IoT core device an
Read more

Setting up CI and CD pipeline in Azure DevOps for ASP.NET Core and Azure Web Apps

-
Image
In the last post I talked about Azure DevOps , now we will look into a practical use case of Azure DevOps where we will setup a complete continuous integration (CI) and continuous deployment/delivery(CD) pipeline for a ASP.NET Core project hosted on Azure Web Apps . We will host our project solution on Azure Repo . The basic idea is that we will create an Azure Web app, setup our project on Azure Repo, create CD & CD pipeline on Azure DevOps, and see things in action when we push our code to master branch. Let's get started: Open Azure portal  and go to App Services and click on Create app service .  From the Marketplace templates, choose Web App . Click Create . Choose an app service name that is available, select OS be Windows, Publish by code, then choose an app service plan that fits your budget and click Create . Once the service is deployed, you will get a ntoification, open it and click Go to resource . Here you can see live l
Read more

Microsoft Azure DevOps : A Complete CI & CD solution in the cloud

-
Image
Microsoft announced Azure DevOps in last Quater of 2018. When it comes to project planning, project management, continuous integration (CI) and continuous delivery/deployment (CD) for agile practices, DevOps has always been a hot topic  so Microsoft decided to take the lead with a powerful cloud platform that makes everything available in a single place. No matter what platform or language or repository system your solution is, Azure DevOps got you covered with tools that work cross-platform. The services provided by Azure DevOps help developers build high quality software faster. The core services provided are:  Azure Pipelines Azure Boards Azure Artifacts Azure Repos Azure Test Plans Azure Pipelines Azure DevOps provides Azure pipelines to manage CI/CD tasks that supports any language, platform, and cloud. You can connect to a any Git repository and setup CI/CD workflow. Azure DevOps makes it incredibly easy to setup building, testing, and deployment workflow to
Read more

Microsoft Azure Blob Storage - Managing Blobs and storage containers from C#

-
Image
This is the part two of Microsoft Azure Blob Storage where we will look into managing Microsoft Azure Blobs from C# and .NET. For this blog, we are going to keep this pretty simple. We will create a new .net console application and add two Nugget packages that make it super easy to work with Microsoft Azure Blobs. Include these two Nugget Packages: WindowsAzure.Storage Microsoft.WindowsAzure.ConfigurationManager Obtain Access keys from Azure Portal  Add it Access Key to App.Config Include Microsoft Azure Storage namespaces using Microsoft.Azure; using Microsoft.WindowsAzure.Storage; using Microsoft.WindowsAzure.Storage.Blob; Add a Container in Azure Blob Storage from C# var storageAccount = CloudStorageAccount.Parse(                 CloudConfigurationManager.GetSetting("AzureStorageConnection")); var blobClient = storageAccount.CreateCloudBlobClient(); var container = blobClient.GetContainerReference("mycontainer"); container
Read more

Xamrin Android Push Notification using Firebase Cloud Messaging

-
Image
Create a   New Project . Select   Single-View App (Android)  under  Installed > Visual > C# >Android Open   AndroidManifest.xml  file under your Android project's Properties Copy value of  package  attribute in  manifest  tag Open your browser and goto  https://console.firebase.google.com   . Sign-in with your  Google  acoount create a new one Click on  Add Project . Choose a project name. Here, the name is  PushNotificationGCM Click on  Add Firebase to your Android App Paste the package name copied in Step 3 and click  Register App Click on  Download google-services.json  and click continue Copy  google-services.json  file into Android project Include  google-services.json  file   into Project's Solution by clicking  View All Files  in Solution Explorer tab, Right-click  google-services.json  file and click  Include In Project Right-click Android project and click  Manage Nuget Packages Click on  Browse  tab, search for  Xamarin.GooglePlayServices.Base
Read more

Securing Powershell Scripts with Code-Signing Certificate

-
Image
Ideally, all Powershell scripts should be signed by a code signing certificate by a certificate authority that is trusted by the host machine. You can also sign you Powershell script with a a self-signed code-signing certificate. You don't need any other tools like make cert to sign your Powershell script to generate self-signed code-signing certificate because Powershell has a built-in cmdlet ( New-SelfSignedCertificate ) to generate it. Create a Self-Signed Code-Signing Certificate with Powershell CmdLet $subject = "Imran Aftab Rana”  $cert = New-SelfSignedCertificate -Subject $subject -Type CodeSigningCert -CertStoreLocation cert:\LocalMachine\My The above cmdlet creates a self-signed code-signing certificate and places it in Local Machine Personal certificate store. Export a Code-Signing Certificate with Powershell CmdLet You can also export the certificate into a .p7b  file and import it into another system or within same machine. Export-Certificate -C
Read more

Fundamental of Powershell Scripting

-
Image
As a developer/programmer, if you have developed expertise in one programming language - learning another is just about understanding the syntax, the rest of the concepts are similar among all languages. So to get started developing automation scripts for Powershell , here are the things you care about: Read input & write output Data Types Operators Conditional Statements Looping Statement Functions  Object oriented scripting Read input & write output Output to console: Lets start with "Hello World!", in powershell there are two ways to output to console: Write-Host Write-Output The second one (Write-Output) is more preferred way to write to console as it does not destroy pipeline inputs.  You can find the code here Input from console: Reading inputs from console is super easy in powershell. Find the code above on my Github Gist here . Data Types Powershell is based on .NET Framework (and Powershell Core on .NET Core)
Read more