Nice article thanks!
Is there a way to trust *all* code-signing certificates my enterprise CA has created (we have one per user, so we know who last edited and signed a file)?
In the current case I am signing all my PowerShell scripts used for scheduled tasks. They are stored in sysvol and thus considered untrusted.
I signed the PowerShell script with a user's code-signing cert. The scheduled tasks are run by NT AUTHORITY\SYSTEM.
I tried adding the CA cert via GPO to the trusted publishers machine store and that doesn't seem to have worked and generates a 'rejected by administrator' alert in task scheduler.
Logging on as domain admin to the machine where the task is to run and manually running the PowerShell script results in the untrusted publisher notification, asking me if I want to trust it.
Do I really have to add every code signing cert in the enterprise to trusted publishers?
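As an added diagnostic example (not part of the comment above or of the article): a PowerShell snippet that reports the Authenticode status of a script and whether its signer certificate, as opposed to only the issuing CA certificate, is present in the machine or user Trusted Publishers store. The script path is a placeholder. It assumes the publisher-trust prompt is decided against the signing certificate itself, which is why it compares thumbprints rather than walking the chain; if only the CA certificate was pushed by GPO, the store listing at the end makes that visible.

```powershell
# Added example, not from the original post. Placeholder path: point it at a signed script.
$ScriptPath = 'C:\Scripts\ExampleTask.ps1'

# Authenticode status as PowerShell itself evaluates it (Valid, UnknownError, NotSigned, ...)
$sig = Get-AuthenticodeSignature -FilePath $ScriptPath
"Status     : $($sig.Status)"
"StatusMsg  : $($sig.StatusMessage)"

$signer = $sig.SignerCertificate
if ($null -eq $signer) {
    "No signer certificate found; the file is unsigned or the signature is unreadable."
    return
}
"Signer     : $($signer.Subject)"
"Issuer     : $($signer.Issuer)"
"Thumbprint : $($signer.Thumbprint)"

# Assumption: the trust prompt is satisfied only when the signer cert itself is in Trusted Publishers.
# Check both the machine store (used by SYSTEM) and the current user's store.
foreach ($store in 'Cert:\LocalMachine\TrustedPublisher', 'Cert:\CurrentUser\TrustedPublisher') {
    $hit = Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
           Where-Object { $_.Thumbprint -eq $signer.Thumbprint }
    $state = if ($hit) { 'contains signer cert' } else { 'signer cert NOT present' }
    '{0,-40} {1}' -f $store, $state
}

# What GPO actually delivered to the machine store: if only the CA cert appears here,
# the leaf (per-user) signing certs are not trusted publishers.
"`nMachine Trusted Publishers store contents:"
Get-ChildItem -Path Cert:\LocalMachine\TrustedPublisher |
    Select-Object Subject, Issuer, Thumbprint, NotAfter | Format-Table -AutoSize

# Execution policy in effect; a SYSTEM-run scheduled task sees the machine-scope values,
# not the interactive admin's user-scope override.
"`nExecution policy by scope:"
Get-ExecutionPolicy -List
```

Run it once as the interactive admin and once under the task's own context (for example via a scheduled task that redirects output to a file) to compare the two results; the difference in store contents and execution-policy scope usually explains why the task is rejected while the interactive run only prompts.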