Scappman Support Center
  • Scappman Support Center
  • 🖥️Applications
    • What is the difference between public and private applications?
    • How Scappman keeps your available apps up to date
    • Pausing Scappman Updates
    • How will Scappman interact with applications that already exist on my device
    • Why is there a Scappman pop-up
      • How to add custom branding to the pop-up
    • Request a new managed app
    • Using MST's with Scappman Apps
    • Bring your own app to Scappman
      • Uploading your own app to Scappman
        • Install Command Cheat Sheet
      • Updating your private (custom) applications in Scappman
      • Additional files in custom apps
    • My applications can't be opened after an update
    • Scappman PowerShell Certificate
    • Discovery & Autopatch
    • Deploy your first app
  • 🔓Permissions
    • 🧑‍🏫User permissions
      • How to add an additional admin in Scappman
      • Admin roles
    • 🤖App Registration
      • How to grant admin consent to Scappman
      • Why do we need permissions in your tenant?
  • 📃Billing
    • ⚖️How does billing work?
    • 🛑What happens when I cancel my subscription
    • ✉️Update company information and email recipients
  • 🤝Partner
    • How to activate a customer as a partner
    • How to invite customers in Scappman as a Partner
  • 📬Support
    • Contacting support
    • Custom app support
    • Troubleshooting log file reference
    • 🆘Error code reference
  • ⚠️Known Issues
    • Scappman reports not populating
  • ⌨️Advanced Configurations
    • Using custom registry keys during installation
    • TeamViewer Host activation
Powered by GitBook
On this page
  • Certificates
  • How-To: Enable Execution Policy and trust the certificate
  • PowerShell ‘AllSigned’ Execution Policy Overview
  • You can configure the ALL Signed policy in Intune with the following Administrative Template.
  • How to import a certificate into the Trust Publishers Root folder

Was this helpful?

  1. Applications

Scappman PowerShell Certificate

Here you can find the Scappman Public Certificates & information on how to implement the PowerShell Execution Policy in your environment.

Last updated 7 months ago

Was this helpful?

Certificates

To help our customers create secure environments, Scappman signs all the PowerShell scripts it creates. The public key of our Code Signing certificate can be found at the bottom of this paragraph. By adding this certificate to the Trusted Publishers local machine certificate store you can set your PowerShell ExecutionPolicy to AIISigned, which will only allow scripts that have been signed by a Trusted Publisher to run.


It is crucial to keep both certificates on your machines as some of the current packages, which are already pushed in your Intune tenant, are still signed with the old certificate.

New Certificate (For packages deployed starting 03/10/2024):

Certificate (For packages deployed until 03/10/2024) :


How-To: Enable Execution Policy and trust the certificate

PowerShell ‘AllSigned’ Execution Policy Overview

Enabling the ‘AllSigned’ Execution Policy in PowerShell enhances IT security by requiring all scripts and configuration files to be signed by a trusted publisher before execution. Key benefits include:

  • Enhanced Security: Reduces the risk of running malicious or unauthorized code.

  • Integrity Assurance: Ensures scripts haven’t been tampered with, supporting compliance with security standards.

  • Accountability: Tracks the origin of scripts, providing greater control over the IT environment.

  • Trust Management: Establishes trusted relationships with script publishers, allowing only verified scripts to be executed.

By implementing this policy, Scappman helps you create a secure environment, protect your data, and maintain the reliability of your IT operations.

You can configure the ALL Signed policy in Intune with the following Administrative Template.

How to import a certificate into the Trust Publishers Root folder

  1. Download the New Certificate

  1. Get the thumbprint of the certificate

  1. Create custom Intune profile setting

  1. Fill in required information.

Fill in Name by your choice.

Construct OMA-URI: ./Device/Vendor/MSFT/RootCATrustedCertificates/TrustedPublisher/!Placethumbprintnumberhere!/EncodedCertificate

Open newest certification and copy paste into "String Value".

See step 2 for Thumbprintnumber

  1. Assign policy to your devices.

For more information about PowerShell ExcutionPolicy, refer to the .

In case you want to implement this, check out our down below

🖥️
Microsoft Docs
guide
2KB
Xplendit-CodeSigning.cer
2KB
Scappman_codesigning.cer