I'm looking into signing all of our PowerShell admin scripts and using "Set-ExecutionPolicy AllSigned". One of the tests I'm doing right now is to sign a script used in a scheduled task then modify it without resigning. All works fine when the script is properly signed. When I modify it without resigning is where I'm having difficulty. Launching the script from a PowerShell commandline I get:
PS E:\posh> .\hw.ps1
File E:\posh\hw.ps1 cannot be loaded. The contents of file E:\posh\hw.ps1 may have been tampered because the hash of the file does not match the hash stored in the digital signature. The script will not execute on the system. Please see "get-help about_signing"
for more details..
At line:1 char:9
+ .\hw.ps1 <<<<
+ CategoryInfo : NotSpecified: (:) [], PSSecurityException
+ FullyQualifiedErrorId : RuntimeException
Yet the scheduled tasks shows it completed successfully without any mention of an error occuring.
<snip>action "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" with return code 0.
There also wasn't anything logged to the Windows Event Logs (inc: system, application, security, powershell). Can someone help me think out of the box on how to trap this error? Ideally I would like something to be logged if this occurs so an alert can be generated. Without daisy chaining scripts. :^)