How would you know if all PowerShell scripts on a production critical server are safe? Here is a simple line that can help you conduct a security audit:
Get-Childitem c:\ *.ps1 -Recurse -ea 0 | Get-AuthenticodeSignature |
Where-Object { $_.Status -ne ‘Valid’ }
Where-Object { $_.Status -ne ‘Valid’ }
This will find all PowerShell scripts on drive c:\ and check their digital signature. Any script without a signature or having an invalid signature will get reported back to you. Next, you can double-check those scripts and then sign them if they are OK.