Add-SignerRule
NAME Add-SignerRule
SYNOPSIS
Creates a signer rule and adds it to a policy.
SYNTAX
Add-SignerRule [-Deny] [-Kernel] [-Update] [-User] -CertificatePath <String> -FilePath <String> [<CommonParameters>]
DESCRIPTION
The Add-SignerRule cmdlet creates a signer rule based on a certificate, and then adds the rule to a Code Integrity policy. By default, this cmdlet
creates allow rules. Specify at least one scenario for the rule in the policy from the following scenarios:
-- User
-- Kernel
-- Update
PARAMETERS
-CertificatePath <String>
Specifies the path of a certificate (.cer) file that this cmdlet uses for the rule.
Required? true
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-Deny [<SwitchParameter>]
Indicates that this cmdlet creates a deny rule instead of the default allow rule.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-FilePath <String>
Specifies the path of the policy .xml file to which this cmdlet adds the rule.
Required? true
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-Kernel [<SwitchParameter>]
Indicates that this cmdlet adds the rule as a Kernel mode rule. You can add a rule as more than one scenario.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-Update [<SwitchParameter>]
Indicates that this cmdlet adds the rule as an Update policy signers rule. You can add a rule as more than one scenario.
Update policy signers rules determine which signers can sign a policy in a signed policy scenario.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-User [<SwitchParameter>]
Indicates that this cmdlet adds the rule as a User mode rule. You can add a rule as more than one scenario.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
Example 1: Create and add a signer rule for User mode
PS C:\>Add-SignerRule -FilePath '.\Policy.xml' -CertificatePath '.\certificate07.cer' -User
This command generates a signer rule for the certificate in certificate07.cer. The command adds the rule to policy.xml for the User mode scenario.
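Added example (not part of the original help text): the cmdlet edits the policy file in place, so this sketch stages a deny rule for the User and Kernel scenarios on a working copy and lists only the signer references the cmdlet added. The file names, the helper Get-SignerReference, and the assumption that the policy uses the standard SiPolicy XML layout (AllowedSigner, DeniedSigner and UpdatePolicySigner elements in the urn:schemas-microsoft-com:sipolicy namespace) are not from this page.

```powershell
# Added example. Paths and the helper name are assumptions, not from the help text.
$policy = '.\Policy.xml'
$cert   = '.\certificate07.cer'
$staged = '.\Policy.staged.xml'   # hypothetical working copy, so Policy.xml stays untouched

function Get-SignerReference {
    # Lists every place a signer is referenced in the policy and in which scenario.
    param([Parameter(Mandatory)][string]$Path)
    [xml]$xml = Get-Content -LiteralPath $Path -Raw
    $ns = New-Object System.Xml.XmlNamespaceManager($xml.NameTable)
    $ns.AddNamespace('si', 'urn:schemas-microsoft-com:sipolicy')
    $query = '//si:AllowedSigner | //si:DeniedSigner | //si:UpdatePolicySigner'
    foreach ($node in $xml.SelectNodes($query, $ns)) {
        # Allowed/denied signers sit under a SigningScenario; update policy signers do not.
        $scenario = $node.SelectSingleNode('ancestor::si:SigningScenario', $ns)
        [pscustomobject]@{
            Kind     = $node.LocalName
            SignerId = $node.GetAttribute('SignerId')
            # In policies generated by New-CIPolicy, 131 is kernel mode and 12 is user mode.
            Scenario = if ($scenario) { $scenario.GetAttribute('Value') } else { 'Update' }
        }
    }
}

function Get-ReferenceKey {
    param($Reference)
    '{0}|{1}|{2}' -f $Reference.Kind, $Reference.SignerId, $Reference.Scenario
}

Copy-Item -LiteralPath $policy -Destination $staged -Force

# Snapshot the references that exist before the change.
$known = @(Get-SignerReference -Path $staged | ForEach-Object { Get-ReferenceKey $_ })

# One certificate, two scenarios, deny instead of the default allow.
Add-SignerRule -FilePath $staged -CertificatePath $cert -User -Kernel -Deny

# Show only what the cmdlet added: expect DeniedSigner entries in both scenarios.
Get-SignerReference -Path $staged |
    Where-Object { (Get-ReferenceKey $_) -notin $known } |
    Format-Table Kind, SignerId, Scenario
```

Review the listed entries before copying the staged file over the live policy; a rule that lands in an unintended scenario is easier to catch here than after the policy is deployed.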
RELATED LINKS
New-CIPolicyRule