Custom Modules & Code Signature

This forum can be browsed by the general public. Posting is limited to current SAPIEN license holders with active maintenance and does not offer a response time guarantee.
Forum rules
DO NOT POST LICENSE NUMBERS, ACTIVATION KEYS OR ANY OTHER LICENSING INFORMATION IN THIS FORUM.
Only the original author and our tech personnel can reply to a topic that is created in this forum. If you find a topic that relates to an issue you are having, please create a new topic and reference the other in your post.

Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
User avatar
FarmersDairy
Posts: 22
Joined: Wed May 02, 2012 7:35 am

Custom Modules & Code Signature

Post by FarmersDairy »

OS: Windows 7 Professional (64-bit)
PSS: 2014 v4.1.49 (64-bit)


I am trying to figure out if I am missing something. I created a brand new module project and saved it to the appropriate folder where the Object Browser can locate it. I noted that the code signature is not applied to the module code at the end. I then close the project and refresh the Object Browser. The new modules loads in to the Object Browser without issue.

I then created a a new project with a single .ps1, apply the necesary code to it using the new module and save it. The .ps1 file has the necessary code signing applied. When I go to RUN it, I get the following error message (edited paths and module name).

Code: Select all

ERROR: Import-Module : File C:\XYZ\PowerShell\Modules\ABC\ABC.psm1 cannot be loaded. The file C:\XYZ\PowerShell\
ERROR: Modeles\ABC\ABC.psm1 is not digitally signed. You cannot run this script on the current system. For more
ERROR: information about running scripts and setting execution policy, see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170.
Test-Working.ps1 (14): ERROR: At Line: 14 char: 1
ERROR: + Import-Module ABC
ERROR: + ~~~~~~~~~~~~~~~~~~~~~~~~~~
ERROR:     + CategoryInfo          : SecurityError: (:) [Import-Module], PSSecurityException
ERROR:     + FullyQualifiedErrorId : UnauthorizedAccess,Microsoft.PowerShell.Commands.ImportModuleCommand
ERROR: Show-MsgBox : The 'Show-MsgBox' command was found in the module 'ABC', but the module could not be loaded. For more information, run 'Import-Module
ERROR: ABC'.
I cannot seem to find a way to easily add the signature block to the bottom of the new module. I have cleared the Cache for the modules and rebuilt it just to be sure.

User avatar
davidc
Posts: 5913
Joined: Thu Aug 18, 2011 4:56 am

Re: Custom Modules & Code Signature

Post by davidc »

Make sure you have the following option checked:

Options->PowerShell->"Automatically sign .ps1 scripts files when saving"

This will make sure the psm1 file is signed when you export.

David
David
SAPIEN Technologies, Inc.

User avatar
FarmersDairy
Posts: 22
Joined: Wed May 02, 2012 7:35 am

Re: Custom Modules & Code Signature

Post by FarmersDairy »

That was the first thing I looked at. It is checked.

User avatar
FarmersDairy
Posts: 22
Joined: Wed May 02, 2012 7:35 am

Re: Custom Modules & Code Signature

Post by FarmersDairy »

I am working from home today and I have my home and work computers sitting side-by-side. On my work computer I get the above mentioned error in the output. On my home computer, the code executes as I would expect it too.

The only difference between the two setups that I can see is that my work computer has the Execution Policy pushed down to it through a GPO when I am in the office. When I perform a "Get-ExecutionPolicy -list" on both computers, the MachinePolicy shows as "Undefined" on my home computer and it shows "AllSigned" on my work computer (due to the GPO). Possible connection to my problem?

User avatar
davidc
Posts: 5913
Joined: Thu Aug 18, 2011 4:56 am

Re: Custom Modules & Code Signature

Post by davidc »

Not sure if this is the issue, since you say the psm1 is not signed, correct?

How are you "exporting" the module? Are you using PowerShell Studio's Export button or are you manually coping the files?
The signing occurs when you hit the Export button or use the Deploy option (which you can configure).

David
David
SAPIEN Technologies, Inc.

User avatar
FarmersDairy
Posts: 22
Joined: Wed May 02, 2012 7:35 am

Re: Custom Modules & Code Signature

Post by FarmersDairy »

I can confirm the problem is with the MachinePolicy being set to "AllSigned". I connected my laptop to the work network through VPN, removed the GPO from the AD container and forced an update to my computer.

After I rebooted the laptop I performed a "Get-ExecutionPolicy -list" and the MachinePolicy now shows as "Undefined". LocalMachine is set to "AllSigned", as it had been before. I then opened PSS 2014, loaded the .ps1 I was having issues with and it executed as expected.

I do not think I have to have the MachinePolicy configured in the GPO. I think I can get away with just having it defined in LocalMachine. Certainly something to look in to at some point.