MIES icon indicating copy to clipboard operation
MIES copied to clipboard
verified publisher icon AllenInstitute

Revise ITC ASLR powershell script

Open t-b opened this issue 5 years ago • 1 comments

It is currently required that powershell scripts are allowed on the host to follow the steps at https://github.com/AllenInstitute/ITCXOP2/#windows-10. If that is not the case MIES will not work.

One can enable powershell scripts on an administrator powershell via

Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope CurrentUser

but that opens a milky way sized security hole on the machine.

We now automatically execute the ps scripts from the ITCXOP2 in the installer. See https://github.com/AllenInstitute/MIES/pull/528. But we still need to sign the powershell scripts so that they are always executed.

t-b avatar Feb 09 '20 21:02 t-b

Sign scripts with EV certificate.

timjarsky avatar Dec 07 '22 00:12 timjarsky

  1. Allow signed scripts
Set-ExecutionPolicy -ExecutionPolicy AllSigned -Scope CurrentUser
  1. Add certificate issuer to the list of trusted publishers
"CN=Allen Institute, O=Allen Institute, S=Washington, C=US, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Washington, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=602 146 775"

or as a file https://github.com/AllenInstitute/MIES/blob/main/tools/installer/public-key.cer.

Image
  1. Run the sript as admin

t-b avatar Sep 30 '25 00:09 t-b