\n
![\"Deployment](\"http:\/\/hosebei.wordpress.com\/wp-content\/uploads\/2013\/03\/detection-method01.png\")
<\/a>The detection method is now configured with a Powershell script, without any code-signing:\n
![\"Powershell](\"http:\/\/hosebei.wordpress.com\/wp-content\/uploads\/2013\/03\/detection-method02.png\")
<\/a>Here is this simple code snippet:\n
$TestFile = Get-ChildItem -Path \"C:\\temp\\test\\eins.txt\"
\n$TestFile.Exists<\/code><\/p>\nIf you deploy an application like this, and the Powershell Execution Policy is set to run only signed scripts, you will find the following error message in the AppDiscovery.log:
\n![\"AppDiscovery.log\"](\"http:\/\/hosebei.wordpress.com\/wp-content\/uploads\/2013\/03\/detection-method03.png?w=300\")
<\/a><\/p>\nIn-line script returned error output: & : File C:\\Windows\\CCM\\System\\Temp\\49e933fa-9975-42dd-b248-36689fc53149.ps1
\ncannot be loaded. The file
\nC:\\Windows\\CCM\\System\\Temp\\49e933fa-9975-42dd-b248-36689fc53149.ps1 is not
\ndigitally signed. The script will not execute on the system. For more
\ninformation, see about_Execution_Policies at
\nhttp:\/\/go.microsoft.com\/fwlink\/?LinkID=135170<\/a>.
\nAt line:1 char:3
\n+ & 'C:\\Windows\\CCM\\System\\Temp\\49e933fa-9975-42dd-b248-36689fc53149.ps1'
\n+\u00a0\u00a0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
\n+ CategoryInfo\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 : SecurityError: (:) [], PSSecurityException
\n+ FullyQualifiedErrorId : UnauthorizedAccess
\n<\/code>
\nSo what’s next? You’ve got to get a code-signing certificate, you can get it easily from your PKI, hopefully you got one.<\/p>\nAfter this, you can sign your Powershell script with the following command:
\nSet-AuthenticodeSignature c:\\temp\\test-file.ps1 @(Get-ChildItem cert:CurrentUserMy -codesigning)[0]<\/code>
\nIf there are more than one code-signing capable certificates in the store, you have to use another term, in my case:
\nSet-AuthenticodeSignature C:\\temp\\test-file.ps1 @(Get-ChildItem cert:CurrentUserMy1A7D1E2B6
\nD87D6B2DD06C2A59106FE91BE11D02E)[0]<\/code><\/p>\nYou should not receive any error messages. I used ISE to make and save the script on Windows 8. Be Aware, in earlier Versions of ISE, there was a Problem with signing script saved from ISE: http:\/\/connect.microsoft.com\/PowerShell\/feedback\/details\/483431\/set-authenticodesignature-fails-on-scripts-created-from-ise
\nThe Workaround was, to open the script from\u00a0ISE in Notepad, copy and paste it in a new Notepad document, then save, sign and use the new script.<\/p>\n
When the script is saved, you can Import it to the detection method:
\n![\"Import](\"http:\/\/hosebei.wordpress.com\/wp-content\/uploads\/2013\/03\/detection-method04.png?w=300\")
<\/a>Navigate to your script and open it:
\n![\"import\"](\"http:\/\/hosebei.wordpress.com\/wp-content\/uploads\/2013\/03\/detection-method05.png?w=300\")
<\/a>Now, the detection method is working, when your have imported the public key of the code-signing certificate to the Trusted Publisher store of the Destination Computer. And then, you will get your detection mehtod with powershell working:
\n![\"software](\"http:\/\/hosebei.wordpress.com\/wp-content\/uploads\/2013\/03\/detection-method06.png?w=300\")
<\/a><\/p>\n