A user asked how to best sign ControlUp scripts – either through buying a code-signing certificate or using KB guidance. It was suggested that scripts be imported into the SBA using the import button, as they can be too big for copy/paste, and a GitHub link was shared for a script which could be used to sign PowerShell scripts using a code-signing certificate.
Read the entire ‘How to Sign ControlUp Scripts’ thread below:
Hi, I have a customer who needs signing for the community scripts. What is the easiest way to sign ControlUp scripts ?
I think the easiest method is to buy a code-signing cert and sign them yourself.
But I am happy to hear what ControlUp will say 😄
I believe we have a kb but the customer will need to sign the scripts themselves.
thats ok , can you give me a link to the KB?
I thoiught we had something but can’t find it, no matter what it is the same as signing any other powershell script see How to Sign PowerShell Scripts (And Effectively Run It) (adamtheautomator.com) as an example.
Ok, i am testing the things. I hope that question is not stupid:
I copy the script into a .ps1 , sign that as described in the article and copy the new code inclusive signing part into the SBA and can use that as signed script?
I think i have to set the execution policy by GPO?
If there is an update version of the script from ControlUp Community -> all from the beginning ?
correct on all
"C:\ProgramData\Smart-X\ControlUp\Scripts\8455d525-5d80-4985-8bf3-487
0174abe92.ps1" kann nicht geladen werden, da der Vorgang durch Richtlinien fr
die Softwareeinschr„nkung, z. B. die von der Gruppenrichtlinie erstellten
Richtlinien, blockiert wird.
+ CategoryInfo : Sicherheitsfehler: (:) [], ParentContainsErrorRe
cordException
+ FullyQualifiedErrorId : UnauthorizedAccess
We tested that in the customer environment and get this error. We think the problem is, that the .ps1 file is copied to the machine and the hash mismatches. Tested with ALD scriptI know we had an issue at some point with this but thought it was fixed, add a space after the signing part
otherwise please open a support ticket, the error doesn’t talk about signing as it usually mentions that but it just looks like it is blocking any ps1 file in that locationwe tried now with a short script (show printer) and that worked. It seems that we have a problem with the ALD script. Another problem with the customer security settings. That helped me, thanks for your help 🙂
yeah ALD is a beast, with that one you need to create a ps1 file, save it in there with the signing and use the import button for the sba as it’s too big for copy/paste. But still not guaranteed though
I use this script in my Explorer send to menu so I can right click PowerShell scripts and sign them with my own code signing certificate. It’s just a wrapper for Set-AuthenticodeSignature
https://github.com/guyrleech/Microsoft/blob/master/Signer.ps1
@member is the man for both haha
Continue reading and comment on the thread ‘How to Sign ControlUp Scripts’. Not a member? Join Here!
Categories: All Archives, ControlUp Scripts & Triggers