
I am experimenting with PowerShell and script signing. I have created a sample script.

Write-Host "hello, world"

I further created a self-signed certificate and installed it (as administrator) to a trusted certificate store "TrustedPeople". Then I activated the execution policy

Set-ExecutionPolicy -scope process AllSigned

After that the script could not be executed anymore. That's expected. So I've signed the script:

Set-AuthenticodeSignature -FilePath .\hello.ps1 $cert

The variable $cert still contains the self-signed certificate. After that I got this message when I started the script:

Do you want to run software from this untrusted publisher?

File C:\temp\hello.ps1 is published by CN=Ich and is not trusted on your system. Only run scripts from trusted publishers.

[V] Never run [D] Do not run [R] Run once [A] Always run [?] Help (default is "D"):

Due to a bad localization of the PowerShell I chose the wrong answer [E]:

[E] Noch nie ausgeführt [N] Nicht ausführen [M] Einmal ausführen [A] Immer ausführen

In that state I can't execute the script anymore. Removing and re-installing the certificate didn't help. How can I restore the state before this mistake?

Edit: While I am experimenting I can delete the cert and create a new one. But what happens if I have distributed the scripts and the cert and this mistake happens on another PC? Purging the cert isn't an option in that case. Therefore I actually restore the cert.

harper

1 Answer


I suppose your certificate got automatically added to the untrusted certificates. Try to remove your certificate from the untrusted certificate store and then add your certificate to the trusted list on your system to run the script without getting prompted.

See How to trust a certificate in Windows Powershell.

UPDATE: I could reproduce the problem on my machine. After choosing [V] Never run I could not execute the script anymore. The reason was that my valid certificate got added to the untrusted certificates of my user account. I could solve my problem by doing the following.

  1. Open Microsoft Management Console (Run -> mmc)
  2. Add Certificates Snap-In
    1. Press Ctrl + m
    2. Select Certificates
    3. Click Add >
    4. Select My user account
    5. Click OK
  3. Navigate to Untrusted Certificates
  4. Check whether you find your certificate there
  5. If you found it, delete it from untrusted certificates
rufer7
  • Your statement may be true. I can probably avoid being prompted. But does this answer the question? I made the mistake of answering with "never run". How can I make it usable again? – harper Dec 28 '17 at 12:42
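The MMC steps in the answer can also be done from PowerShell. The following is an added example, not code from either poster: it reads the signer of the script from the question (C:\temp\hello.ps1), looks for that certificate in the Disallowed store (shown in MMC as "Untrusted Certificates"), and removes it only when -Remove is given. The parameter names and the file name used to save it are assumptions.

```powershell
# Added example. Save as e.g. Restore-Signer.ps1 (hypothetical name) and run it
# from a session whose execution policy allows it to start.
param(
    [string]$ScriptPath = 'C:\temp\hello.ps1',   # path taken from the question
    [switch]$Remove                              # without this switch: report only
)

# Read the Authenticode signature and take the signer certificate's thumbprint.
$sig = Get-AuthenticodeSignature -FilePath $ScriptPath
if (-not $sig.SignerCertificate) {
    throw "No Authenticode signature found on $ScriptPath"
}
$thumb = $sig.SignerCertificate.Thumbprint
"Signer: {0}  Thumbprint: {1}  Status: {2}" -f `
    $sig.SignerCertificate.Subject, $thumb, $sig.Status

# 'Disallowed' is the store MMC displays as "Untrusted Certificates".
# The answer found the entry under the user account; the machine store is
# checked as well so nothing is missed.
$hits = foreach ($location in 'CurrentUser', 'LocalMachine') {
    Get-ChildItem -Path "Cert:\$location\Disallowed" -ErrorAction SilentlyContinue |
        Where-Object { $_.Thumbprint -eq $thumb } |
        ForEach-Object { [pscustomobject]@{ Location = $location; Certificate = $_ } }
}

if (-not $hits) {
    "Signer certificate is not in any Disallowed store."
    return
}

foreach ($hit in $hits) {
    "Found in Cert:\{0}\Disallowed" -f $hit.Location
    if ($Remove) {
        # Open the store read-write through .NET and remove exactly this
        # certificate. The LocalMachine store requires an elevated session.
        $store = New-Object System.Security.Cryptography.X509Certificates.X509Store(
            'Disallowed', $hit.Location)
        $store.Open('ReadWrite')
        try { $store.Remove($hit.Certificate) } finally { $store.Close() }
        "Removed from Cert:\{0}\Disallowed" -f $hit.Location
    }
}
```

Matching on the thumbprint rather than the subject avoids deleting a different certificate that happens to share the name CN=Ich.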