Hacker News new | past | comments | ask | show | jobs | submit login

That still has the same issue. Powershell will refuse to run scripts that are not signed by default.



You can use the -ExecutionPolicy argument to get around that.

It's not a security boundary, just something to stop users accidentally opening an email attachment like they will with bat/vbs.


Which is pointless if it's only for powershell.... But hey, security theater is kinda the MO of Microsoft if you think about rotating password policies which have a maximum password length etc


Sign the powershell script. It’s not that large of a hurdle to get a code signing cert, though it certainly isn’t trivial.


Code signing certs must have the key HSM’d these days. It’s a big hurdle.


You have to go through a humilating process to get it as well as pay few hundred $$$ to one of MS street vendors.


you have to prove who you are, yes. I don't know what you mean in the 2nd half of the sentence.


lemme explain quickly: you have to prove a lot of different things on paper, not just who you are; in reality this is just a money-milking side-hustle business for Microsoft. The process I had to go through had many different steps but in the end it all just relied on a blind trust between me and vetting team from the first step.


lemme respond quickly: code signing certs are in use by many more than just microsoft. if i want a code signing cert from digicert, microsoft doesn't get any money, digicert does. i can use it for more than just powershell scripts, of course, i can sign anything. they are useful things to have. getting them is a pain in the ass, yes, but it's supposed to be. they want to filter out identity impersonators and do everything they can to issue a cert to a person that is who they say they are. that's the whole point of the cert, so that's why you must show all of that proof.




Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: