System Center Configuration Manager Feedback

How can we improve Configuration Manager?

Handling of signed PowerShell scripts in OSD via Group Policy

Applications that utilize PowerShell as a detection method require that script to be signed with a code signing certificate. Code signing certificates are often managed through Active Directory Group Policy.

See: Appendix 3 in the Code-Signing Best Practices guide
https://msdn.microsoft.com/en-us/library/windows/hardware/dn653556%28v=vs.85%29.aspx

The challenge is how do you implement a system during OSD where certificates are managed through GPO.

One could create a package that has certmgr and import the certificates; however, if there are any changes in the certs (revoked, expired, etc.) then there are multiple places to make that change.

In some environments the application development group has no control over the practices used by the image development group. Enforcing a separate package to import certificates on the image deployment group may not always be foolproof when the application development team wants to ensure 100% success with regard to the applications that are created.

The ability to bring down a GPO while the OSD task sequence is running would make signed PowerShell certificate management more efficient.

1 vote
Michael Wolf shared this idea
Noted  ·  sangeev responded

Updated by bobmn for sangeev/OSD

0 comments
