2.8 Extending Trust to All User Accounts

To execute PowerShell scripts under the AllSigned Execution Policy, extend trust to all user accounts. Extending trust is a two-phase process that involves exporting the digital certificate from the current user and importing the digital certificate to all users on the local computer.

2.8.1 Exporting the NetIQ Corporation Digital Signature Certificate

To extend trust to all user accounts, first export the NetIQ Corporation digital signature certificate from the current user using the Microsoft Management Console.

To export the NetIQ Corporation digital signature certificate from the current user:

  1. On the Start menu, click Run.

  2. In the Open field, type mmc.exe, and then click OK.

  3. On the File menu, click Add/Remove Snap-in.

  4. Click Add and then select the Certificates snap-in.

  5. Click Add, select My user account, and then click Finish.

  6. Click Close, and then click OK.

  7. Expand the Certificates - Current User node.

  8. Expand the Trusted Publishers sub-node and select the Certificates sub-node.

  9. In the right pane, right-click the NetIQ certificate, select All Tasks, and then select Export.

  10. Click Next in the Certificate Export Wizard.

  11. Select DER encoded binary, and then click Next.

  12. Click Browse, select the Desktop icon, type NetIQ in the File name field, and then click Save.

  13. Click Next, and then click Finish.

2.8.2 Importing the NetIQ Corporation Digital Signature

The next phase of extending trust to all user accounts involves importing the NetIQ Corporation digital signature to all users on the local computer. Use the Microsoft Management Console to execute the import procedure.

To import the NetIQ Corporation digital certificate to all users on the local computer:

  1. On the File menu in the Microsoft Management Console window, click Add/Remove Snap-in.

  2. Click Add, and then select the Certificates snap-in.

  3. Click Add, select Computer account, and then click Next.

  4. Select Local computer, and then click Finish.

  5. Click Close, and then click OK.

  6. Expand Certificates (Local Computer) and select Trusted Publishers.

  7. Right-click in the right pane, select All Tasks, and then select Import.

  8. Click Next in the Certificate Import Wizard.

  9. Click Browse, click the Desktop icon, select NetIQ.cer, and then click Open.

  10. Click Next in the Wizard.

  11. Select Place all certificates in the following store.

  12. Click Browse, and then select Show physical stores.

  13. Expand Trusted Publishers and select Local Computer.

  14. Click OK.

  15. Click Next in the Certificate Import Wizard, and then click Finish.

After you complete both the phases of the trust process, the NetIQ Corporation certificate is contained in the certificate store for the local computer, allowing a user to execute the PowerShell scripts.