我正在尝试签署一个简单的脚本来向我的学生展示。当我在记事本中创建脚本时,我使用Set-AuthicodeSignature得到一个未知错误。当我在尝试登录后查看脚本时,记事本显示了一个签名块。当我尝试运行时,PowerShell说脚本没有签名。我正在使用AllSigned的执行策略。有什么建议?如果我设置了Unrestricted的executionpolicy,那么脚本运行正常。
答案 0 :(得分:3)
对于Set-AuthenticodeSignature中的错误,可能是您的字符编码不是UTF-8。你可以在记事本中将字符编码更改为UTF-8,一切都会正常工作。这是“未知错误”的最常见原因
关于下一个问题,让脚本运行。从Get-Help about_Execution_Policies AllSigned政策:
- Scripts can run.
- Requires that all scripts and configuration files
be signed by a trusted publisher, including scripts
that you write on the local computer.
我们在这里有几个选择。我们可以信任我们在更高级别创建的证书(通过将其添加到受信任的商店),我们可以使用来自根CA的不同证书,也可以在更高级别受信任,最后,我们可以使用不同的ExecutionPolicy。同样来自Get-Help about_Execution_Policies您可能想尝试使用“RemoteSigned”,因为这将允许您运行您在自己的计算机上编写的自签名脚本,以及从Internet下载的可信脚本:
RemoteSigned
- Scripts can run. This is the default execution
policy in Windows Server 2012 R2.
- Requires a digital signature from a trusted
publisher on scripts and configuration files that
are downloaded from the Internet (including
e-mail and instant messaging programs).
- Does not require digital signatures on scripts that
you have written on the local computer (not
downloaded from the Internet).
- Runs scripts that are downloaded from the Internet
and not signed, if the scripts are unblocked, such
as by using the Unblock-File cmdlet.
- Risks running unsigned scripts from sources other
than the Internet and signed, but malicious, scripts.