SignScriptsInLibrary.ps1

  • Article

Applies To: Virtual Machine Manager 2008, Virtual Machine Manager 2008 R2, Virtual Machine Manager 2008 R2 SP1

When you first start Windows PowerShell on a computer, the default security policy does not allow you to run scripts. The Windows PowerShell security policy for scripting is called an execution policy. The execution policy enables you to determine whether scripts can run in your environment and whether they must include a digital signature. You can see what your execution policy is by typing Get-ExecutionPolicy at the command line. You can change your execution policy by using the Set-ExecutionPolicy cmdlet. For more information about Windows PowerShell execution policies, see Running Scripts, or type get-help about_signing at the command prompt.

You can store your PowerShell scripts in the System Center Virtual Machine Manager (VMM) 2008 library, and you can run them by right-clicking the script and selecting Run PowerShell script. However, if your execution policy is set to allow only signed scripts to run, you will receive an error unless you sign the scripts stored in the library. Use the Set-AuthenticodeSignature PowerShell cmdlet to sign your scripts.

The following script uses a self-signed certificate to sign all of the scripts stored in the VMM Library. Before you run the script, you need to create a self-signed certificate. For instructions about how to create a self-signed certificate, type get-help about_signing at the command prompt.

Note

To run the following script, you must sign it first. To sign just this script, you can run the following commands at the command prompt:

$cert = @(Get-ChildItem cert:\CurrentUser\My -codesigning)[0]

Set-AuthenticodeSignature -FilePath <Path>\SignScriptsInLibrary.ps1 -Certificate $cert

Disclaimer

# Filename:      SignScriptsInLibrary.ps1
# Description:   Locates all PowerShell scripts in the VMM Library
#                and then signs them.

# Connect to the VMM server.
$VMMServer = Get-VMMServer -ComputerName "VMMServer01.Contoso.com"

# Get the certificate.
$cert = @(Get-ChildItem cert:\CurrentUser\My -codesigning)[0]

# Get the library shares.
$LibraryShares = Get-LibraryShare -VMMServer $VMMServer

# Find all PowerShell scripts in the Library.
Foreach ($LibraryShare in $LibraryShares)
{
   $VMMLibraryPath = $LibraryShare.Path
   $Scripts = @(Get-ChildItem -Path $VMMLibraryPath -Filter "*.ps1" -Recurse)

   # Sign each script.
   Foreach ($Script in $Scripts)
   {
      Set-AuthenticodeSignature -FilePath $Script.fullname -Certificate $cert
   }
}