Hi All,
We are implementing SCCM 2012 R2 hotfix 4 and I am struggling to be able to use PowerShell detection rules in deployment types.
My domain GPO is set to require signed PowerShell and we are used to signing our scripts and executing them via Altiris.
With SCCM I can't seem to get a PowerShell detection script to run whether I sign it or not. I get the following item in the AppDiscovery.log:
C:\Windows\CCM\SystemTemp\52f2244b-e507-4bad-9379-0d73946acb26.ps1 is not
digitally signed. You cannot run this script on the current system. For more
information about running scripts and setting execution policy, see
about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170.
I have seen some stuff about not being able to import a script that is signed because when you add it in, some blank spaces get added and that invalidates the signing, so I'm stuck there.
I've also seen stuff about setting up a client policy to bypass the requirement for signing, but I get the same exact errors in the logs if I use an unsigned script with the bypass policy. I've used Policy Spy and can confirm that the bypass setting should be applied:
uint32 PowerShellExecutionPolicy = 1;
I've also seen stuff about this not working on less than CU2; we applied CU4 to hopefully resolve this and it doesn't seem to make a difference.
Any suggestions? I've got a bunch of apps where I need to query content within an .xml file to see if an app is installed. I really don't want to rewrite the scripts in .vbs.