Running signed scripts across a domain


Mike Leone

9:31 AM (3 hours ago)
to NTPowershell Mailing List
I have a question. We run our own internal CA, and push the certs via GPO to all domain members. Pretty standard, for internal CA users. So now I've issued a couple of code signing certificates for a couple of users, because we want to start ensuring only signed scripts are executed.

Am I correct in saying I need to push out my internal CA root cert (already done); my internal intermediate root CA cert (already done), and the code signing certs in the "Trusted Publishers" store to all domain members? And then we should be able to remotely execute a script signed by one of the code signing certs? Or running the signed script via a scheduled task?

What steps am I missing? I ask this before I get started. :-)

Is there a better way to prepare the domain for running signed scripts?

Thanks
--

Mike. Leone, <mailto:tur...@mike-leone.com>

PGP Fingerprint: 0AA8 DC47 CB63 AE3F C739 6BF9 9AB4 1EF6 5AA5 BCDF
Photo Gallery: <http://www.flickr.com/photos/mikeleonephotos>

Michael B. Smith

9:38 AM (3 hours ago)
to ntpowe...@googlegroups.com

The CA root and the intermediate should be in “Trusted Root Certification Authorities”. The code-signing certificate should be in “Trusted Publishers”.


Mike Leone

9:40 AM (3 hours ago)
to ntpowe...@googlegroups.com
On Thu, Apr 30, 2026 at 9:38 AM Michael B. Smith <mic...@smithcons.com> wrote:

> The CA root and the intermediate should be in “Trusted Root Certification Authorities”.

Already have that ...

> The code-signing certificate should be in “Trusted Publishers”.

AH HA! That's what I thought. Off to test .. (well, my co-worker, he's the one who needs to start doing this, right now)

Thanks!
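
A pre-flight check for the setup discussed in this thread, added here as an example and not part of any poster's message: it inspects one signed script and reports whether the local machine validates the signature, can build the certificate chain, and has the signer in Trusted Publishers. The script path is a hypothetical placeholder.

```powershell
# Added example. $ScriptPath is a hypothetical placeholder path.
param([string]$ScriptPath = 'C:\Scripts\Example-Signed.ps1')

$codeSigningOid = '1.3.6.1.5.5.7.3.3'   # id-kp-codeSigning EKU
$sig    = Get-AuthenticodeSignature -FilePath $ScriptPath
$signer = $sig.SignerCertificate
if (-not $signer) {
    Write-Warning "$ScriptPath carries no signature (status: $($sig.Status))."
    return
}

# Does the signing certificate carry the Code Signing EKU?
$ekuExt = $signer.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
}
$hasCodeSigningEku = [bool]($ekuExt.EnhancedKeyUsages | Where-Object { $_.Value -eq $codeSigningOid })

# Can this machine build a chain from the signer up to a root it trusts?
# Default chain policy checks revocation online, so an unreachable CRL shows up here.
$chain   = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chainOk = $chain.Build($signer)

# Is the signing certificate itself in the machine's Trusted Publishers store?
$inTrustedPublishers = Test-Path "Cert:\LocalMachine\TrustedPublisher\$($signer.Thumbprint)"

[pscustomobject]@{
    Script              = $ScriptPath
    SignatureStatus     = $sig.Status          # 'Valid' is the only passing value
    StatusMessage       = $sig.StatusMessage
    SignerSubject       = $signer.Subject
    SignerThumbprint    = $signer.Thumbprint
    SignerNotAfter      = $signer.NotAfter
    HasCodeSigningEku   = $hasCodeSigningEku
    ChainBuilds         = $chainOk
    ChainProblems       = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    InTrustedPublishers = $inTrustedPublishers
    # Without a timestamp the signature stops validating once the signer cert expires.
    Timestamped         = [bool]$sig.TimeStamperCertificate
    EffectivePolicy     = Get-ExecutionPolicy
}

# Per-scope view; the MachinePolicy and UserPolicy rows are the ones set by Group Policy.
Get-ExecutionPolicy -List
```

Run it on a domain member rather than on the signing workstation, since the stores and policy it reports are those of the machine it runs on.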