Create a self signed - code signing certificate

February 6th, 2008

Using “makecert.exe”, whic is a part of Windows SDK, or download it here.
This tool is suitable for testing purposes only!

To create the root certificate:
Open Windows SDK CMD Shell (or Command Prompt and go to the makecert.exe location)
Run this command
makecert -n “CN=PowerShell Root Certificate” -a sha1 -eku 1.3.6.1.5.5.7.3.3 -r -sv root.pvk root.cer -ss Root -len 1024 -sr localMachine

To create a user certificate (with the private key):
Open Windows SDK CMD Shell (or Command Prompt and go to the makecert.exe location)
Run this command

makecert -pe -n “CN=PowerShell User Certificate” -ss MY -a sha1 -eku 1.3.6.1.5.5.7.3.3 -iv root.pvk -ic root.cer

Note that the number 1.3.6.1.5.5.7.3.3 indicates that a certificate can be used for code signing.

More info for Makecert: http://msdn2.microsoft.com/en-us/library/aa386968(VS.85).aspx

Posted in Security | No Comments »

Execute a Powershell script on Windows Vista

January 24th, 2008

script.ps1 is not digitally signed. The script will not execute  on the system. Please see “get-help about_signing” for more details.

To solve the problem, you can just change the Execution policy to “RemoteSigned” with the folowing command (as Administrator):
Set-ExecutionPolicy RemoteSigned   -   Note that this option is not recomanded!

The more secure way is to digitaly sign the script.

  1. Navigate to the location of your code signing certificate (like “Set-Location cert:\CurrentUser\my\” for Personal certificates).
  2. Type Get-CilldItem to get a list of all certificates in thihs location and copy the Thumbprint of the right certificate.
  3. Set the ”$cert” with the certificate location:

$cert = Get-Childitem -Path cert:\CurrentUser\My\A4309AD8067D6AC70E36B578A890A1EFC3FB -CodeSigningCert

    4.    Now with the folowing command digitaly sign the file
            (ex.: Powershell profile)

Set-AuthenticodeSignature -FilePath C:\…\WindowsPowerShell\Microsoft.PowerShell_profile.ps1 -cert $cert

Posted in Powershell | No Comments »

Create a Powershell profile

January 24th, 2008

If you want that Powershell remember your aliases (and other commands) like “gh for Get-Help”,
you can create a Powershell profile script, which is automaticali executed at Powershell startup

  1. First test if a profile exist with the folowing command:
    test-path $profile
  2. If the resulte is false, use the folowing command to create a new profile
    new-item -path $profile -itemtype file -force
  3. Type notepad $profile to edit the pprofile
  4. Now you can write down all yours commands (ex. Set-Alias gh Get-Help)
    Powershell Profile

To view the location of the profile script type $profile

Posted in Powershell | No Comments »