Washington DC Endpoint Management User Group

I am trying to run task with script type "PowerShell". It works fine if I manually change my ExecutionPolicy to Unrestricted. However, if our clients are set to restricted the script needs to be signed. How can I sign a script that is writen in the task window automatically?

https://www-secure.symantec.com/connect/blogs/run-powershell-scripts-through-deployment-server

Have a look at this: http://www.hanselman.com/blog/SigningPowerShellScripts.aspx

Remember that every computer that will be running the script will require the certificate in it's repository. So, either use your Enterprise root certificate, or better yet, get a specific certificate signed by your Enterprise CA for script signing and distribute that together with your Enterprise root certificate

You can make use of some sample tasks that allow you to change the PowerShell execution mode.  Navigate to Jobs/Tasks -> Sample Tasks -> Notification Server. In the Notification server, you will see two tasks: Enable PowerShell Signing Policy and Disable PowerShell Signing Policy. Use these tasks in combination with your Run Script PowerShell task in a new Job and you're all set.

You job would look as follows:

1. Disable PowerShell Signing Policy
2. Run your PowerShell Run Script Task
3. Enable PowerShell Signing Policy.

If your users are not adminstrators on their machines, you'll need to ensure that these steps are run using the agent credential or an administrator account. Also, notice that the Disable task runs before the Enable task.

If you are unable to find the signing policy tasks, they are simple command scripts that each contain one line.

Disable PowerShell Signing Policy

    powershell Set-Executionpolicy unrestricted
 

Enable PowerShell Signing Policy

     powershell Set-Executionpolicy restricted