I am trying to sign a simple script to show my students. When I sign the script, which I created in Notepad, I get an unknown error using Set-AuthenticodeSignature. When I look at the script after trying to sign in Notepad, it shows a signature block. When I try to run it, PowerShell says the script is not signed. I am using an execution policy of AllSigned. Any suggestions? The script runs fine if I set the execution policy to Unrestricted.
unknown error? is that the actual error text? you might find luck posting the exception anyways. – colsw, Nov 1, 2017 at 21:22
@colsw Yes, this IS an actual error text – Muhammad Muzammil, Jul 21, 2018 at 15:28
1 Answer
For the error in Set-AuthenticodeSignature, chances are your character encoding is not UTF-8. You can change the character encoding to UTF-8 within Notepad and things will work just fine. This is the most common cause of the "unknown error".
Regarding the next issue, getting the script to run: from Get-Help about_Execution_Policies, the AllSigned policy:
- Scripts can run.
- Requires that all scripts and configuration files be signed by a trusted publisher, including scripts that you write on the local computer.
We have a couple of options here. We could trust the certificate that we created at a higher level (by adding it to a trusted store), we could use a different certificate from a root CA, also trusted at a higher level, and lastly, we could use a different ExecutionPolicy. Also from Get-Help about_Execution_Policies, you may want to try using "RemoteSigned", as that will allow you to run self-signed scripts you wrote on your own machine, as well as trusted scripts downloaded from the internet:
RemoteSigned
- Scripts can run. This is the default execution policy in Windows Server 2012 R2.
- Requires a digital signature from a trusted publisher on scripts and configuration files that are downloaded from the Internet (including e-mail and instant messaging programs).
- Does not require digital signatures on scripts that you have written on the local computer (not downloaded from the Internet).
- Runs scripts that are downloaded from the Internet and not signed, if the scripts are unblocked, such as by using the Unblock-File cmdlet.
- Risks running unsigned scripts from sources other than the Internet and signed, but malicious, scripts.
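The first option from this answer (save as UTF-8, trust the self-signed certificate, sign, then check the result), as an added PowerShell example that is not part of the original answer. The file paths and certificate subject are assumptions, and it assumes a Windows version where New-SelfSignedCertificate supports -Type CodeSigningCert (Windows 10 / Server 2016 or later).

```powershell
# Added example: paths and subject name below are assumptions, not from the post.
$scriptPath = Join-Path $env:TEMP 'Demo-Signed.ps1'      # constructed sample script
$cerPath    = Join-Path $env:TEMP 'DemoCodeSigning.cer'  # public certificate only

# 1. Save the script as UTF-8, the encoding fix the answer describes.
#    For an existing file: (Get-Content $scriptPath) | Set-Content $scriptPath -Encoding UTF8
'Write-Output "Hello from a signed script"' |
    Set-Content -Path $scriptPath -Encoding UTF8

# 2. Create a self-signed code-signing certificate in the current user's store.
$cert = New-SelfSignedCertificate -Type CodeSigningCert `
    -Subject 'CN=Classroom Demo Code Signing' `
    -CertStoreLocation Cert:\CurrentUser\My

# 3. Trust it for this user only: as a root (so the chain validates) and as a
#    trusted publisher (which AllSigned requires). The Root import shows a
#    confirmation dialog. Only the public part is exported and imported.
Export-Certificate -Cert $cert -FilePath $cerPath | Out-Null
Import-Certificate -FilePath $cerPath -CertStoreLocation Cert:\CurrentUser\Root | Out-Null
Import-Certificate -FilePath $cerPath -CertStoreLocation Cert:\CurrentUser\TrustedPublisher | Out-Null

# 4. Sign, then fail loudly if the signature is anything other than Valid.
$sig = Set-AuthenticodeSignature -FilePath $scriptPath -Certificate $cert
if ($sig.Status -ne 'Valid') {
    throw "Signing failed: $($sig.Status) - $($sig.StatusMessage)"
}

# 5. Re-check the file on disk the way PowerShell will before running it.
Get-AuthenticodeSignature -FilePath $scriptPath |
    Format-List Status, StatusMessage, @{ n = 'Signer'; e = { $_.SignerCertificate.Subject } }

# 6. Run it under AllSigned for this process only.
Set-ExecutionPolicy -ExecutionPolicy AllSigned -Scope Process -Force
& $scriptPath

# Cleanup after the demo: remove the trust entries and the signing key.
$thumb = $cert.Thumbprint
'Root', 'TrustedPublisher', 'My' | ForEach-Object {
    Remove-Item -Path "Cert:\CurrentUser\$_\$thumb" -ErrorAction SilentlyContinue
}
Remove-Item -Path $cerPath -ErrorAction SilentlyContinue
```

Editing the script after step 4 changes its hash, so Get-AuthenticodeSignature will report HashMismatch until it is signed again.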