Script Signing for domain

I am trying to roll out a new AV solution to our data center via PS script, however our script signing enforces the ‘AllSigned’ execution policy, so I need to sign my script. I am a newbie when it comes to certs and our Engineer says I can use a self-signed cert to sign my script. I am having trouble doing this and believe I need a CA cert to accomplish what I need. Can anyone direct me to documentation if this is possible with self-signed certs…or not? I can’t find anything definitive.

From a certificate standpoint, if you wanted to use a self-signed cert then your CA (yourself) would have to be installed as a trusted root cert on every machine you run the script on. That sounds like a non-starter to me.
But if you guys have a Public Key Infrastructure (PKI) already then someone should be able to set you up with a code-signing cert.

Also, is PowerShell the best solution for rolling out an AV solution? No other options?

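The self-signed route described in the reply above, as an added example that is not part of any post in this thread: it signs a script and shows the per-machine trust step that makes the approach costly. The subject name, file paths and script name are assumptions.

```powershell
# Added example. Paths, script name and subject are placeholders, not from the thread.
$scriptPath = 'C:\Deploy\Install-AV.ps1'     # hypothetical script to sign
$cerPath    = 'C:\Deploy\CodeSigning.cer'    # public certificate only

# 1. Signing workstation: create a self-signed code-signing certificate.
#    The private key stays in the current user's store on this machine.
$cert = New-SelfSignedCertificate -Type CodeSigningCert `
    -Subject 'CN=Example Script Signing (self-signed)' `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -NotAfter (Get-Date).AddYears(1)

# 2. Export the public half for distribution. No private key is written.
Export-Certificate -Cert $cert -FilePath $cerPath | Out-Null

# 3. Sign the script. Without -TimestampServer the signature stops validating
#    once the certificate expires, so production signing should add one.
$sig = Set-AuthenticodeSignature -FilePath $scriptPath -Certificate $cert `
    -HashAlgorithm SHA256
# At this point the status is not 'Valid': the chain ends in an untrusted root.
"After signing, before trust: $($sig.Status)"

# 4. Every machine that must run the script (elevated session):
#    Root makes the chain valid. TrustedPublisher is also needed because
#    AllSigned prompts for publishers that are not yet trusted, and a
#    non-interactive run (such as a GPO startup script) cannot answer a prompt.
Import-Certificate -FilePath $cerPath `
    -CertStoreLocation 'Cert:\LocalMachine\Root' | Out-Null
Import-Certificate -FilePath $cerPath `
    -CertStoreLocation 'Cert:\LocalMachine\TrustedPublisher' | Out-Null

# 5. Verify on the target before relying on it.
$check = Get-AuthenticodeSignature -FilePath $scriptPath
if ($check.Status -ne 'Valid') {
    throw "Signature not valid: $($check.Status) - $($check.StatusMessage)"
}
'{0} signed by {1}' -f $scriptPath, $check.SignerCertificate.Subject
```

In a domain, both stores in step 4 can be populated through Group Policy (Public Key Policies) instead of per machine. With a code-signing certificate issued by an internal PKI whose root is already trusted, only the Trusted Publishers entry is needed.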

Brian,

I think your question is way too broad to be answered in a forum like this and it is actually not a PowerShell question anymore.

I assume you already read …

…, right?

Your question might fit better in a forum about general Windows environments, Active Directory, systems management and about PKI infrastructure.

You may start here:

How would you like to do that actually? That’s better done with a software deployment solution, I think. :wink:

The AV solution’s ‘method’ for rollout ‘en-masse’ is via GPO which it also provides a canned PS script to facilitate the install. For initial rollout, the workaround is that I can pipe the install commands via Invoke-Command and then pipe our servers into that, not essentially running a script. Ideally would like to have the GPO in place so any ‘new’ VMs that are spun up automatically receive the AV. However, in hindsight, my question is more about code signing cert than actually PowerShell.

Do you have any kind of configuration management tool or endpoint management system like SCCM? It may be better to invest time and money into getting a viable solution like this up and running if you have a data center. It will offer a lot of nice features that you just can’t do via PowerShell, like reporting, compliance, device organization, etc.

We are already 95 percent rolled out with the new AV. I just wanted a GPO in place / with code signed, as other technicians add new VMs, they will automatically get the new AV installed.
