Tag Archives: PowerShell

Create a self signed certificate and sign a PowerShell file

I believe some of the functionality from the commands below is only available in PowerShell v5 and newer.

Launch PowerShell and start by creating your code signing certificate.

New-SelfSignedCertificate -certstorelocation cert:\CurrentUser\my -dnsname "Sam Magee" -Type CodeSigningCert

This should generate a thumbprint, you’ll need this later.

ThumbprintSubject

66EWR4R0997G7UY9JRTY3J4IU5UI6LO2 CN=Sam Magee

Convert a plain text string (a secure password) into a secure string and then save the secure string into a variable.

$pwd = ConvertTo-SecureString -String "Password" -Force -AsPlainText

Export the pfx file, substitute the location, filename and thumbprint for your own

Export-PfxCertificate -Cert Cert:\CurrentUser\My\66EWR4R0997G7UY9JRTY3J4IU5UI6LO2E18F039BC -FilePath "D:\Sam’s-Cert.pfx" -Password $pwd

Export the crt file, substitute the location, filename and thumbprint for your own.  This is the file you will install on the machine you want to run your signed PowerShell code.

Export-Certificate -Cert Cert:\CurrentUser\My\66EWR4R0997G7UY9JRTY3J4IU5UI6LO2E18F039BC -FilePath "D:\Sam’s-Cert.crt"

Now that you have your PFX file exported, double click on it to reinstall it on this machine.  Install it for the Current User to overwrite the certificate we’ve just made.  When asked to fill in the “Import options” tick the following:

  • Enable strong private key protection.  You will be prompted every time the private key is used by an application if you enable this option
  • Mark the key as exportable.  This will allow you to backup or transport your keys at a later time.
  • Include all extended properties.

The top tick box will prevent malicious applications from being able to sign files as you.  The second will allow you to port your key to another machine if needed or if you wipe your machine.  The final option keeps the setting that tells the certificate to be a code signing certificate.

Get your code signing certificate from your cert volume.

$cert = @(Get-ChildItem Cert:\CurrentUser\My -codesigning)[0]

Sign the PowerShell file with the certificate.

Set-AuthenticodeSignature "D:\test.ps1" $cert

Windows Server Deduplication not freeing up space after files are deleted

If you have data deduplication setup on a Windows server volume and you delete a files the space that file took up is not returned as free space until something called garbage collection has run.

 

This should run once every week.  Mine runs at 02:45 on Saturday mornings, this was the default and since it doesn’t conflict with any other high disk or CPU tasks I’ve left it at that.  You can see when deduplication tasks are scheduled by running Get-DedupSchedule.

 

To force a garbage collection run the following PowerShell:

Start-DedupJob -Type GarbageCollection -Priority normal -Volume D:

You can substitute the volume D: for the volume you want to work on.  Once you’ve run the command you can run Get-DedupStatus to see how the task is progressing.  Deduplication is CPU and disk intensive.

 

TechNet: Install and Configure Data Deduplication

Adding Virtual Machines to Hyper-V with PowerShell

After you’ve exported a VM from Hyper-V you may want to import a unique copy of it or several unique copies of it back into Hyper-V.

$i=1
Do
{
###################### Import Virtual Machine from Template ######################
$NewVMNumber=$i
$VMToImport='C:\Users\administrator.ISLEWORTHSYON\Desktop\isos\2016srv\Server 2016 Preview\Virtual Machines\E58E5FDD-03DF-4870-8725-5F63AD7D943D.xml'
$VMPath='D:\ProgramData\Microsoft\Windows\Hyper-V\Virtual Machines\S16'+$newVMNumber
$VMHDD='D:\Users\Public\Documents\Hyper-V\Virtual Hard Disks\S16'+$newVMNumber
$NewVMName='Server 2016 Preview - S16'+$NewVMNumber

Import-VM -Path $VMToImport –Copy -GenerateNewId -VirtualMachinePath $VMPath -SnapshotFilePath $VMPath -SmartPagingFilePath $VMPath -VhdDestinationPath $VMHDD

Rename-VM 'Server 2016 Preview' -NewName $NewVMName

###################################### End #######################################
$i++
}
While ($i -le 2)