Handling of signed PowerShell scripts in OSD via Group Policy
Applications that use PowerShell as a detection method require that script to be signed with a code signing certificate. Code signing certificates are often managed through Active Directory Group Policy.
See: Appendix 3 in the Code-Signing Best Practices guide
The challenge is how to implement a system during OSD where certificates are managed through GPO.
One could create a package that has certmgr and import the certificates; however, if there are any changes in the certs (revoked, expired, etc.) then there are multiple places to make that change.
In some environments the application development group has no control over the practices used by the image development group. Requiring the image deployment group to run a separate package to import certificates may not always be foolproof when the application development team wants to ensure 100% success for the applications it creates.
The ability to bring down a GPO while the OSD task sequence is running would make certificate management for signed PowerShell scripts more efficient.
Updated by bobmn for sangeev/OSD
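
An added example, not part of the original post and not Configuration Manager's own code: a PowerShell check that could run as a task sequence step to report whether the certificate that signed a detection script is trusted, expired or failing chain validation on the machine being built. The function name `Test-DetectionScriptTrust` and the script path are hypothetical, and the revocation check assumes the CRL is reachable during OSD.

```powershell
# Added example. Reports the trust state of a signed detection script so that a
# stale or missing certificate is caught in the task sequence, not at detection time.
function Test-DetectionScriptTrust {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$ScriptPath   # hypothetical: path to the signed detection script
    )

    $sig  = Get-AuthenticodeSignature -FilePath $ScriptPath
    $cert = $sig.SignerCertificate

    $result = [ordered]@{
        Script             = $ScriptPath
        SignatureStatus    = $sig.Status   # Valid, NotSigned, HashMismatch, NotTrusted, ...
        StatusMessage      = $sig.StatusMessage
        Thumbprint         = $null
        NotAfter           = $null
        Expired            = $null
        InTrustedPublisher = $false
        ChainBuilds        = $false
    }

    if ($cert) {
        $result.Thumbprint = $cert.Thumbprint
        $result.NotAfter   = $cert.NotAfter
        # A time-stamped signature can still be Valid after the certificate expires,
        # so expiry is reported separately from SignatureStatus.
        $result.Expired    = (Get-Date) -gt $cert.NotAfter

        # Is the signer in the machine's Trusted Publishers store (the store a
        # GPO or an import package would normally populate)?
        $result.InTrustedPublisher =
            Test-Path -Path "Cert:\LocalMachine\TrustedPublisher\$($cert.Thumbprint)"

        # Build the chain with an online revocation check; this fails if the CRL
        # is unreachable, which is worth knowing during OSD as well.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'Online'
        $result.ChainBuilds = $chain.Build($cert)
    }

    [pscustomobject]$result
}

# Placeholder path; replace with the real detection script.
$check = Test-DetectionScriptTrust -ScriptPath 'C:\Placeholder\Detect-App.ps1'
$check | Format-List
if ($check.SignatureStatus -ne 'Valid' -or -not $check.InTrustedPublisher) { exit 1 }
```

The non-zero exit code lets the task sequence step fail visibly when the signer is not trusted on the machine being built.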