UNDERSTAND THE BASICS OF POWERSHELL 21
PART I: Administering Service Delivery
If you’re running scripts that you wrote yourself for computer administration, the RemoteSigned setting is ideal in most cases: scripts created locally run without a signature, while scripts downloaded from the Internet (those carrying the "mark of the web" in their Zone.Identifier stream) must be signed by a trusted publisher. You also have the option of signing the scripts you create, for additional assurance. If you’re going to use PowerShell scripts for Active Directory administration and store them on a network share or anywhere else that other people may have write access to, it’s a good idea to sign them. Signing does not stop anyone from editing a script, but it ensures that a modified script is detected and refused before it runs. If you choose to sign the scripts that you write locally, the AllSigned execution policy is recommended, because it requires every script, local or remote, to carry a valid signature from a trusted publisher.
To configure the execution policy setting, use the Set-ExecutionPolicy cmdlet (changing the default LocalMachine scope requires an elevated session):
Set-ExecutionPolicy RemoteSigned
Keep in mind that the execution policy is a safeguard against running scripts by accident, not a security boundary: anyone who can start PowerShell with different arguments can choose a different policy for that process.
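As an added example (not taken from the book), the following session sets the policy for the current user only, lists the scopes that decide the effective policy, and shows the two things a practitioner should know about RemoteSigned: a child process can override it, and the Internet mark can be cleared from a file. The script name Deploy.ps1 is a placeholder for the example.

```powershell
# Set the policy for the current user only; this scope does not need an elevated session.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser -Force

# Show every scope. Precedence is MachinePolicy, UserPolicy, Process, CurrentUser, LocalMachine:
# the first scope from the top that is not Undefined is the effective policy.
Get-ExecutionPolicy -List

# Execution policy is not a security boundary. Any user who can run powershell.exe
# can start a child session whose Process-scope policy ignores the stored setting.
# (Deploy.ps1 is a placeholder script name for this example.)
powershell.exe -ExecutionPolicy Bypass -File .\Deploy.ps1

# RemoteSigned decides "remote" by the Zone.Identifier alternate data stream written when a
# file is downloaded. Unblock-File removes that stream, so the file is then treated as local
# and runs unsigned. Use this only on scripts you have reviewed.
Unblock-File -Path .\Deploy.ps1
```

Because of the Bypass switch and Unblock-File, treat execution policy as protection against accidents (double-clicking a downloaded script, a typo in a path) rather than against a user or attacker who already runs code on the machine. Signing, covered next, is what provides integrity.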
Script Signing
When you sign a script, you put a digital signature on the script that can be traced back to the owner of the signing certificate. The script is run through a mathematical algorithm (a cryptographic hash function such as SHA-256) that generates a unique value, called a hash, based on the contents of the script. If the script is changed, a different hash value is generated. The process that is executing the script can run the script through the same algorithm that was used to sign it, and if the resulting hash value is different from the one the script is signed with, the process knows the script has been altered since it was signed.
This hash value isn’t stored as a bare value, though, because someone could change the script and then simply replace the stored hash with the new script’s hash. To prevent this, the hash is signed with the private key of a public/private key pair. (Introductory texts often describe this as "encrypting the hash with the private key"; with RSA the two operations have the same shape, but the goal here is authentication, not confidentiality.) The idea behind a public/private key pair is that whatever one key does, only the other key can undo. When a user obtains a Public Key Infrastructure (PKI) certificate, two keys are associated with the certificate: the public key and the private key. The private key is only available to the owner of the certificate. In fact, most of the time this key is automatically generated and stored in a protected manner in the local certificate store of the computer, and it never leaves that store. The public key, however, is embedded in the certificate itself, which is made publicly available so that others can verify the owner’s signatures.
To illustrate this, consider two people, Alice and Bob. Alice created a script, and Bob is using it. When Alice signs the script that she created, the script’s hash is signed with Alice’s private key, and the signature block, together with Alice’s certificate, is appended to the script. When Bob runs the script, PowerShell recomputes the hash of the script body and uses Alice’s public key to check it against the signed hash. By doing this, Bob is assured that Alice really signed the script, because she is the only person who has
c01.indd 21 5/12/2011 1:07:48 PM
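The signing, verification and tamper-detection steps described above, as an added example that is not part of the book. It assumes a script at C:\Scripts\Deploy.ps1 (a placeholder path) and creates a self-signed code-signing certificate for the demonstration; in production the certificate would come from an enterprise or public CA so that clients already trust the chain.

```powershell
# Added example; C:\Scripts\Deploy.ps1 and the certificate subject are assumptions for the demo.
$script = 'C:\Scripts\Deploy.ps1'

# 1. Create a self-signed code-signing certificate. The private key is generated and kept in the
#    current user's certificate store; only the public part will travel with the script.
$cert = New-SelfSignedCertificate -Type CodeSigningCert `
    -Subject 'CN=Alice Script Signing' `
    -CertStoreLocation Cert:\CurrentUser\My

# 2. Sign. PowerShell hashes the script body, signs the hash with the private key, and appends a
#    "# SIG # Begin signature block" ... "# SIG # End signature block" comment containing the
#    signature and the certificate. -TimestampServer (optional) lets the signature stay valid
#    after the certificate expires.
Set-AuthenticodeSignature -FilePath $script -Certificate $cert -HashAlgorithm SHA256 | Out-Null

# 3. Verify. The hash is recomputed and checked with the public key from the embedded certificate.
#    For a self-signed certificate that nothing trusts yet, Status is UnknownError (the chain ends
#    in an untrusted root); import the certificate into Cert:\CurrentUser\Root and
#    Cert:\CurrentUser\TrustedPublisher to get Valid. The hash comparison happens either way.
$sig = Get-AuthenticodeSignature -FilePath $script
"After signing: $($sig.Status)  signer: $($sig.SignerCertificate.Subject)"

# 4. Tamper with the script body (before the signature block) and verify again.
#    The stored signed hash no longer matches the recomputed one, so Status is HashMismatch,
#    and under AllSigned or RemoteSigned (for a remote file) PowerShell refuses to run it.
$content = Get-Content -Path $script
Set-Content -Path $script -Value (@('Write-Host "tampered"') + $content)
"After tampering: $((Get-AuthenticodeSignature -FilePath $script).Status)"
```

Note what the signature does and does not give you: it proves that someone holding Alice’s private key signed exactly these bytes, and it exposes any later change. It says nothing about whether the script is safe, so the trust decision still rests on which publishers you import into TrustedPublisher. Under AllSigned, a script from an unrecognized publisher prompts the user rather than running silently.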