In this blog post we will look at signing the PowerShell scripts we use in the “App Detection Method” when distributing apps with ConfigMgr. The PowerShell Execution Policy can be modified in Client Settings to allow ConfigMgr to execute unsigned scripts. If your environment needs to be a bit tighter with script execution and you don't want to open up the Execution Policy, here is how you can sign the scripts using your own PKI infrastructure.

In the following example, we will be distributing the OneDrive client. The PowerShell we use in the “App Detection Method” will check the OneDrive version, if it exists, for the current logged on user.

Big shout to for making his OneDrive file version detection script available to the community here

Here is what we will cover

1. Create a custom Code Signing Template on your CA
2. Complete a Certificate Request using the Code Signing Template
4. Distribute the Code Signing Certificate via GPO
5. Signing the PowerShell Script

Create a custom Code Signing Template on your CA

The first task will be to create a new Code Signing Template on your CA. If we use the out of the box template on the CA, the subject of the issued certificate will be the user who requests it. I like to use a general name for the code signing certificate. It looks tidier and I don't end up plastering my username in all my clients' Trusted Publisher stores.

1. On your CA, open the Certificate Authority MMC (Start – Run – certsrv.msc)
2. Expand your CA, right click “Certificate Templates” and click “Manage”
3. Find the Template “Code Signing”, right click it and choose “Duplicate Template”
5. Add the user who will sign the scripts and set their permission to “Enroll”
6. Click the “Subject Name” tab and choose the radio option “Supply in the request”.

“Current settings for this certificate template allow a client to submit a certificate request using any subject name and does not require approval by a certificate manager. Combining these certificate options may create a security risk and is not recommended.”

If you want to overcome the security risk, have the CA certificate manager approve any certificate request made from this template. More on this can be found at but essentially you can choose to require “CA certificate manager approval” from the “Issuance Requirements” tab. If you select CA Manager Approval, you will need to approve the certificate request from the “Pending Requests” folder in your certsrv.msc console.
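A read-only check for the combination the template warning describes ("Supply in the request" without CA certificate manager approval), added here as an example and not part of the original post. It assumes the template flags are read from the `msPKI-Certificate-Name-Flag` and `msPKI-Enrollment-Flag` attributes in the AD configuration partition; the function names and the sample template name are hypothetical.

```powershell
# Added example: flag certificate templates where the requester supplies the
# subject name and no CA certificate manager approval is required.
$EnrolleeSuppliesSubject = 0x1   # bit in msPKI-Certificate-Name-Flag
$PendAllRequests         = 0x2   # bit in msPKI-Enrollment-Flag (manager approval)
$CodeSigningEku          = '1.3.6.1.5.5.7.3.3'

function Test-TemplateIssuance {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][int]$NameFlag,
        [Parameter(Mandatory)][int]$EnrollmentFlag,
        [string[]]$Eku = @()
    )
    $supplies = ($NameFlag -band $EnrolleeSuppliesSubject) -ne 0
    $approval = ($EnrollmentFlag -band $PendAllRequests) -ne 0
    [pscustomobject]@{
        Template        = $Name
        CodeSigning     = $Eku -contains $CodeSigningEku
        SuppliesSubject = $supplies
        ManagerApproval = $approval
        Risky           = $supplies -and -not $approval
    }
}

function Get-TemplateIssuance {    # hypothetical helper name; needs a domain-joined host
    $config = ([ADSI]'LDAP://RootDSE').configurationNamingContext
    $base   = [ADSI]"LDAP://CN=Certificate Templates,CN=Public Key Services,CN=Services,$config"
    $search = [System.DirectoryServices.DirectorySearcher]::new($base, '(objectClass=pKICertificateTemplate)')
    foreach ($result in $search.FindAll()) {
        $p = $result.Properties   # property names are lower-case in search results
        Test-TemplateIssuance -Name ([string]($p['cn'] | Select-Object -First 1)) `
            -NameFlag ([int]($p['mspki-certificate-name-flag'] | Select-Object -First 1)) `
            -EnrollmentFlag ([int]($p['mspki-enrollment-flag'] | Select-Object -First 1)) `
            -Eku @($p['pkiextendedkeyusage'] | ForEach-Object { [string]$_ })
    }
}

# Constructed sample values (not read from a real CA): the duplicated template
# with "Supply in the request", first without and then with manager approval.
Test-TemplateIssuance -Name 'Example Code Signing' -NameFlag 0x1 -EnrollmentFlag 0x0 -Eku $CodeSigningEku
Test-TemplateIssuance -Name 'Example Code Signing' -NameFlag 0x1 -EnrollmentFlag 0x2 -Eku $CodeSigningEku
```

On a domain-joined machine, `Get-TemplateIssuance | Where-Object Risky` lists the templates to review. The check does not look at who holds “Enroll” on the template, so the Security tab still needs to be reviewed for anything it flags.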