Special Thanks to Raghuraman Rajan
Disclaimer: Please contact Sophos Professional Services if you require as
The script will install Certificates in trusted root on the local device automatically. This is to avoid the installation of SSL CA manually.
Kindly see below for reference for installing SSL CA:
Click Cert.zip to download.
Doing this keeps the system safe by preventing unauthorized scripts from running
How to Set PowerShell Execution Policy to RemoteSigned
Windows 11: Settings App > Privacy & Security > For developerWindows 10: Settings App > Updated & Security > For developer
Change execution policy to allow local PowerShell script to run without signing. Require signing for remote scripts “under the PowerShell section.” Then click Apply
2.1 Launch PowerShell in elevated mode
2.2 Enter the following commands “Set-ExecutionPolicy RemoteSigned” as seen below.
For Reference: www.itechtics.com/.../
1. Extract the Cert.zip to desired location/directory and add the Certificates.2. Run PowerShell in elevated mode.Click the Start/Window button then type PowerShell, then Right click the PowerShell Icon and select Run as Administrator
3. Go to the Directory where the Script and Certificates are saved by doing the following commandcd < Path where the script is saved>
To verify you can use the command “dir”
4. To run the script. Kindly type .\Cert.ps1 then Press Enter
*If you encounter the following issue below.
*Running script is disabled on your system and needs to be enabled by your system/network administrator
Go to Run from the Start menu then enter “certlm.msc “ and verify if the Certificate was installed
Set-Location $PSScriptRootdir -Path ".\" -filter *.crt | Import-Certificate -CertStoreLocation cert:\localmachine\rootdir -Path ".\" -filter *.cer | Import-Certificate -CertStoreLocation cert:\localmachine\rootdir -Path ".\" -filter *.pem | Import-Certificate -CertStoreLocation cert:\localmachine\root
Thanks for the guide.
Sometimes I've seen cases where the Active Directory SSL certificate distribution didn't do its job.
It can be used as an alternative solution if the required…
It can be used as an alternative solution if the required certificates are added to the sysvol directory and the method you share with the startup script is adapted.