Add-SignerRule

Creates a signer rule and adds it to a policy.

Syntax

Add-SignerRule
   -FilePath <String>
   -CertificatePath <String>
   [-Kernel]
   [-User]
   [-Update]
   [-Supplemental]
   [-Deny]
   [<CommonParameters>]
Add-SignerRule
   -FilePath <String>
   -CertStorePath <String>
   [-Kernel]
   [-User]
   [-Update]
   [-Supplemental]
   [-Deny]
   [<CommonParameters>]

Description

The Add-SignerRule cmdlet creates a signer rule based on a certificate, and then adds the rule to a Code Integrity policy. By default, this cmdlet creates allow rules. Specify at least one scenario for the rule in the policy from the following scenarios:

  • User
  • Kernel
  • Update

Examples

Example 1: Create and add a signer rule for User mode

PS C:\> Add-SignerRule -FilePath '.\Policy.xml' -CertificatePath '.\certificate07.cer' -User

This command generates a signer rule for the certificate in certificate07.cer. The command adds the rule to policy.xml for the User mode scenario.

Parameters

-CertificatePath

Specifies the path of a certificate (.cer) file that this cmdlet uses for the rule.

Type:String
Aliases:c
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-CertStorePath

Specifies the path to a certificate store to export certificates into the policy.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-Deny

Indicates that this cmdlet creates a deny rule instead of the default allow rule.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-FilePath

Specifies the path of the policy .xml file to which this cmdlet adds the rule.

Type:String
Aliases:f
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-Kernel

Indicates that this cmdlet adds the rule as a Kernel mode rule. You can add a rule as more than one scenario.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Supplemental

Indicates that this cmdlet adds the rule as a Supplemental policy signers rule. You can add a rule as more than one scenario.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Update

Indicates that this cmdlet adds the rule as an Update policy signers rule. You can add a rule as more than one scenario.

Update policy signers rules to determine which signers can sign a policy in signed policy scenario.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-User

Indicates that this cmdlet adds the rule as a User mode rule. You can add a rule as more than one scenario.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False