Scappman PowerShell Certificate

Here you can find the Scappman Public Certificates & information on how to implement the PowerShell Execution Policy in your environment.

Certificates

To help our customers create secure environments, Scappman signs all the PowerShell scripts it creates. The public key of our Code Signing certificate can be found at the bottom of this paragraph. By adding this certificate to the Trusted Publishers local machine certificate store you can set your PowerShell ExecutionPolicy to AIISigned, which will only allow scripts that have been signed by a Trusted Publisher to run.

For more information about PowerShell ExcutionPolicy, refer to the Microsoft Docs.

In case you want to implement this, check out our guide down below

It is crucial to keep both certificates on your machines as some of the current packages, which are already pushed in your Intune tenant, are still signed with the old certificate.

New Certificate (For packages deployed starting 03/10/2024):

2KB
Xplendit-CodeSigning.cer

Certificate (For packages deployed until 03/10/2024) :

2KB
Scappman_codesigning.cer

How-To: Enable Execution Policy and trust the certificate

PowerShell ‘AllSigned’ Execution Policy Overview

Enabling the ‘AllSigned’ Execution Policy in PowerShell enhances IT security by requiring all scripts and configuration files to be signed by a trusted publisher before execution. Key benefits include:

  • Enhanced Security: Reduces the risk of running malicious or unauthorized code.

  • Integrity Assurance: Ensures scripts haven’t been tampered with, supporting compliance with security standards.

  • Accountability: Tracks the origin of scripts, providing greater control over the IT environment.

  • Trust Management: Establishes trusted relationships with script publishers, allowing only verified scripts to be executed.

By implementing this policy, Scappman helps you create a secure environment, protect your data, and maintain the reliability of your IT operations.

You can configure the ALL Signed policy in Intune with the following Administrative Template.

How to import a certificate into the Trust Publishers Root folder

  1. Download the New Certificate

  1. Get the thumbprint of the certificate

  1. Create custom Intune profile setting

  1. Fill in required information.

Fill in Name by your choice.

Construct OMA-URI: ./Device/Vendor/MSFT/RootCATrustedCertificates/TrustedPublisher/!Placethumbprintnumberhere!/EncodedCertificate

Open newest certification and copy paste into "String Value".

See step 2 for Thumbprintnumber

  1. Assign policy to your devices.

Last updated

Was this helpful?