Add-SignerRule
Creates a signer rule and adds it to a policy.
Syntax
Add-SignerRule
-FilePath <String>
-CertificatePath <String>
[-Kernel]
[-User]
[-Update]
[-Supplemental]
[-Deny]
[<CommonParameters>]
Add-SignerRule
-FilePath <String>
-CertStorePath <String>
[-Kernel]
[-User]
[-Update]
[-Supplemental]
[-Deny]
[<CommonParameters>]
Description
The Add-SignerRule cmdlet creates a signer rule based on a certificate, and then adds the rule to a Code Integrity policy. By default, this cmdlet creates allow rules. Specify at least one scenario for the rule in the policy from the following scenarios:
- User
- Kernel
- Update
Examples
Example 1: Create and add a signer rule for User mode
PS C:\> Add-SignerRule -FilePath '.\Policy.xml' -CertificatePath '.\certificate07.cer' -User
This command generates a signer rule for the certificate in certificate07.cer. The command adds the rule to policy.xml for the User mode scenario.
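The following is an added example, not part of the original documentation. It adds a deny rule for two scenarios in one call against a working copy of the policy, then lists the signer entries the cmdlet wrote. Policy.working.xml is a hypothetical file name, and the element and attribute names queried (Signer, SignerId, SigningScenario) are assumed from the Code Integrity policy XML schema.

```powershell
# Added example. File names are constructed placeholders.
$policy  = '.\Policy.xml'           # existing policy, as in Example 1
$working = '.\Policy.working.xml'   # hypothetical working copy
$cert    = '.\certificate07.cer'    # certificate file, as in Example 1

# Edit a copy so the original policy is untouched until the result is reviewed.
Copy-Item -Path $policy -Destination $working -Force

# Record the signer IDs present before the change.
# local-name() is used so the query works regardless of the document namespace.
[xml]$before = Get-Content -Path $working -Raw
$oldIds = @($before.SelectNodes("//*[local-name()='Signer']") |
    ForEach-Object { $_.GetAttribute('ID') })

# One call, two scenarios: deny this certificate's signer in User and Kernel mode.
Add-SignerRule -FilePath $working -CertificatePath $cert -User -Kernel -Deny

# Reload the policy and isolate the Signer elements that were added.
[xml]$after = Get-Content -Path $working -Raw
$newSigners = @($after.SelectNodes("//*[local-name()='Signer']") |
    Where-Object { $_.GetAttribute('ID') -notin $oldIds })

# For each new signer, report every element that references it and where.
$report = foreach ($signer in $newSigners) {
    $id = $signer.GetAttribute('ID')
    foreach ($ref in $after.SelectNodes("//*[@SignerId='$id']")) {
        # Rules inside a signing scenario have a SigningScenario ancestor;
        # update/supplemental policy signer entries do not.
        $scenario = $ref.SelectSingleNode("ancestor::*[local-name()='SigningScenario']")
        [pscustomobject]@{
            SignerId = $id
            Name     = $signer.GetAttribute('Name')
            RuleType = $ref.LocalName          # e.g. AllowedSigner or DeniedSigner
            Section  = if ($scenario) {
                # Assumed schema values: 131 = kernel mode, 12 = user mode.
                'SigningScenario ' + $scenario.GetAttribute('Value')
            } else {
                $ref.ParentNode.LocalName
            }
        }
    }
}

# Confirm that only deny entries were written before replacing the original policy.
$report | Format-Table -AutoSize
if ($report | Where-Object { $_.RuleType -ne 'DeniedSigner' }) {
    Write-Warning 'Unexpected non-deny signer reference found; review before deploying.'
}
```

Because the default rule type is allow, omitting -Deny would write allow entries for the same signer, which is why the report checks the rule type.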
Parameters
-CertificatePath
Specifies the path of a certificate (.cer) file that this cmdlet uses for the rule.
Type: | String |
Aliases: | c |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-CertStorePath
Specifies the path to a certificate store to export certificates into the policy.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Deny
Indicates that this cmdlet creates a deny rule instead of the default allow rule.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-FilePath
Specifies the path of the policy .xml file to which this cmdlet adds the rule.
Type: | String |
Aliases: | f |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Kernel
Indicates that this cmdlet adds the rule as a Kernel mode rule. You can add a rule as more than one scenario.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Supplemental
Indicates that this cmdlet adds the rule as a Supplemental policy signers rule. You can add a rule as more than one scenario.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Update
Indicates that this cmdlet adds the rule as an Update policy signers rule. You can add a rule as more than one scenario.
Update policy signers rules determine which signers can sign a policy in a signed policy scenario.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-User
Indicates that this cmdlet adds the rule as a User mode rule. You can add a rule as more than one scenario.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |