Plus, unlike what most people envision on here, Microsoft intends companies to push AllSigned or RemoteSigned, rather than Unrestricted.
So the company can push their CA and new PS policy in a single GPO, and then all internal PS scripts are signed using an internal CA generated code signing certificate.
This sounds complex but it is actually as simple as running Set-AuthenticodeSignature on each script using the code signing certificate.
So the company can push their CA and new PS policy in a single GPO, and then all internal PS scripts are signed using an internal CA generated code signing certificate.
This sounds complex but it is actually as simple as running Set-AuthenticodeSignature on each script using the code signing certificate.