Monday, March 4, 2013

Signing scripts, from now on

During the Lyncconf13, I was lucky enough to win a certificate from digicert in give away competition from the The UC Architects. It didn't take long to decide what to do with the gift. I decided to get a code signing certificate for my online scripts.

Now, you should be able to run the scripts directly by downloading them to your labs, without tampering with the script, it's security settings or your power shell security setting.

A benefit for me, is to see if the script has been tampered with if it does not work on a tested system. I decided to sign all my backup scripts, and I will also sign every new script I post on my blog.

As a side note: I was wondering if signing a lot of certificates was going to take a long time. I turned to power shell  and scripted it. What else "could" I do? It turned out to be quite easy, and done in a few minutes (writing the code, signing took seconds)

param ([Parameter(Mandatory=$true)][string]$folder,[string]$certvalue)

cd $folder

$cert = @(gci cert:\currentuser\my -codesigning)[$certvalue]
foreach ($scripts in (Get-ChildItem)){
Set-AuthenticodeSignature $scripts $cert}

All my backup scripts have been updated, so if you download these scripts now, they will be signed. (If your machine trusts Digicert, you should be in good shape.)

Here are two posts I used as reference: