P
Paul Klerkx
Guest
Our Windows 10 diagnostic utilities never come back with issues even when deliberately disabling components before running.
I have a theory that this may be because we have the group policy " Turn on Script execution" enabled and set to "Allow only Signed scripts". Will this stop diagnostics in Windows 10 from working?
********************************************************
More information if required
The diagnostic directories in c:\windows\diagnostics\system\ contain around 246 powershell scripts that are part of windows 10 but are not signed.
Does windows have something inbuilt that overrides the signed scripts policy. I'm thinking that it would block even the W10 built in scripts.
Do we need to sign all powershell scripts that come with windows 10? Does Microsoft have a method of doing this?
Is there a list of script files that come with Windows 10 so we don't just do a sign all approach, then find we have signed malware files.
We could probably configure something in the build task sequence to sign what is there initially. Is there any plan in place for Microsoft to start signing their scripts?
Will this be an ongoing process as updates are applied and files replaced, do we need to have a process in place to sign all PS1 files in Windows 10 ourselves?
MCSA, MCSE
More...
I have a theory that this may be because we have the group policy " Turn on Script execution" enabled and set to "Allow only Signed scripts". Will this stop diagnostics in Windows 10 from working?
********************************************************
More information if required
The diagnostic directories in c:\windows\diagnostics\system\ contain around 246 powershell scripts that are part of windows 10 but are not signed.
Does windows have something inbuilt that overrides the signed scripts policy. I'm thinking that it would block even the W10 built in scripts.
Do we need to sign all powershell scripts that come with windows 10? Does Microsoft have a method of doing this?
Is there a list of script files that come with Windows 10 so we don't just do a sign all approach, then find we have signed malware files.
We could probably configure something in the build task sequence to sign what is there initially. Is there any plan in place for Microsoft to start signing their scripts?
Will this be an ongoing process as updates are applied and files replaced, do we need to have a process in place to sign all PS1 files in Windows 10 ourselves?
MCSA, MCSE
More...