PowerShell script signing

Dear Checkmk community,

The Windows Agent runs PowerShell scripts with the parameter `-ExecutionPolicy Bypass`.

Is there a way to change this behavior? Specifically, how can we conveniently sign all PowerShell scripts used by the agent?

Additionally, is it possible to download all scripts used by the agent, sign them, and upload them again so that the signed scripts can be distributed via Agent Bakery?

Thank you in advance.
Martin

2 Likes

Due to security policies, we also need signed PowerShell scripts. At least all shipped plugins should be signed by default, so as not to get into trouble when using "AllSigned" as the execution policy. Downloading all shipped plugins, signing them and re-uploading them is not practical. What happens if you need support using those “modified” plugins?

Checkmk Support told us there will be a solution in Checkmk 2.5, but we are still waiting.

1 Like
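
An added example, not part of the thread and not Checkmk's own code: a PowerShell sketch that audits a local folder of `.ps1` files for Authenticode status and, if a certificate thumbprint is given, signs the ones that are not valid. The parameters `$Path`, `$Thumbprint` and `$TimestampServer` are placeholders to be filled in by the operator; no Checkmk path or Bakery behaviour is assumed.

```powershell
# Added example: audit, and optionally sign, all .ps1 files below a folder.
# All parameter values are operator-supplied placeholders.
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory)] [string] $Path,   # working copy of the scripts
    [string] $Thumbprint,                    # code-signing cert; omit to audit only
    [string] $TimestampServer                # timestamp URL of your CA (optional)
)

$cert = $null
if ($Thumbprint) {
    # -CodeSigningCert returns only certificates carrying the Code Signing EKU.
    $cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
        Where-Object Thumbprint -eq $Thumbprint
    if (-not $cert) {
        throw "No code-signing certificate $Thumbprint in Cert:\CurrentUser\My"
    }
}

$report = @(foreach ($file in Get-ChildItem -LiteralPath $Path -Filter *.ps1 -Recurse -File) {
    $sig = Get-AuthenticodeSignature -LiteralPath $file.FullName

    # Sign only files that do not already verify; -WhatIf shows what would change.
    if ($cert -and $sig.Status -ne 'Valid' -and
        $PSCmdlet.ShouldProcess($file.FullName, 'Sign')) {
        $params = @{
            LiteralPath   = $file.FullName
            Certificate   = $cert
            HashAlgorithm = 'SHA256'   # Windows PowerShell 5.1 defaults to SHA1
        }
        if ($TimestampServer) { $params.TimestampServer = $TimestampServer }
        $sig = Set-AuthenticodeSignature @params
    }

    [pscustomobject]@{
        File   = $file.FullName
        Status = $sig.Status           # Valid, NotSigned, HashMismatch, ...
        Signer = $sig.SignerCertificate.Subject
    }
})

$report | Format-Table -AutoSize

# Fail (exit 1) if any script does not verify, i.e. would be refused under AllSigned.
if (@($report | Where-Object Status -ne 'Valid').Count -gt 0) { exit 1 }
```

A `Valid` status also requires that the signing certificate chains to a root the machine trusts, and any later edit to a signed file turns its status into `HashMismatch`.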

I have to agree. We’re having the same problems because of the PowerShell security policies we’re being forced to use.

Hello @MartinS and others,

Thank you for reporting this.

We have this on our radar and are working on this.
We will report back here with updates.

Best regards
Hartmut

Hello again,

Short intermediate update:

There is an implementation for this now - Werk #19211: Deploy signed PowerShell plugins with Windows agent

The team is working on also delivering this for 2.5.0.

We will ping you once there is an update for 2.5.

Sunny Greetings

Hartmut

2 Likes