The Add-SignerRule cmdlet creates a signer rule based on a certificate, and then adds the rule to a Code Integrity policy.
By default, this cmdlet creates allow rules.
Specify at least one scenario for the rule in the policy from the following scenarios:
User
Kernel
Update
Examples
Example 1: Create and add a signer rule for User mode
This command generates a signer rule for the certificate in certificate07.cer.
The command adds the rule to policy.xml for the User mode scenario.
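The command Example 1 describes, followed by a review of what it changed in the policy, as an added example that is not part of the original documentation. The working-copy name policy.review.xml and the Get-SignerId helper are assumptions for illustration, and the XPath queries assume the standard SiPolicy XML layout; policy.xml and certificate07.cer are the files named above.

```powershell
# Inputs named in Example 1; both files must already exist.
$policy = '.\policy.xml'
$cert   = '.\certificate07.cer'
$ns     = @{ si = 'urn:schemas-microsoft-com:sipolicy' }   # SiPolicy XML namespace

function Get-SignerId([string]$Path) {
    # Hypothetical helper: return the ID attribute of every <Signer> in the policy.
    Select-Xml -Path $Path -XPath '//si:Signers/si:Signer' -Namespace $ns |
        ForEach-Object { $_.Node.ID }
}

# Work on a copy (assumed name) so the original policy is unchanged until reviewed.
$work = '.\policy.review.xml'
Copy-Item -Path $policy -Destination $work -Force

# Record the signers present before the change, add the rule, then diff.
$before = @(Get-SignerId $work)
Add-SignerRule -FilePath $work -CertificatePath $cert -User
$added = @(Get-SignerId $work | Where-Object { $_ -notin $before })

foreach ($id in $added) {
    # List every element that references the new signer and the scenario it sits in.
    Select-Xml -Path $work -XPath "//si:*[@SignerId='$id']" -Namespace $ns |
        ForEach-Object {
            $scenario = $_.Node.SelectSingleNode('ancestor::*[local-name()="SigningScenario"]')
            [pscustomobject]@{
                SignerId  = $id
                Reference = $_.Node.LocalName   # e.g. AllowedSigner, DeniedSigner, UpdatePolicySigner
                # In ConfigCI-generated policies, Value 12 is user mode and 131 is kernel mode.
                Scenario  = if ($scenario) { $scenario.GetAttribute('Value') } else { '(policy-wide)' }
            }
        }
}
```

A rule added with only -User should show no reference under the kernel-mode scenario and none under UpdatePolicySigners; an unexpected row there means the signer was granted more trust than intended.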
Parameters
-CertificatePath
Specifies the path of a certificate (.cer) file that this cmdlet uses for the rule.
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Aliases: c
Parameter sets
Certificate
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-CertStorePath
Specifies the path to a certificate store to export certificates into the policy.
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
CertStore
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-Deny
Indicates that this cmdlet creates a deny rule instead of the default allow rule.
Parameter properties
Type: SwitchParameter
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-FilePath
Specifies the path of the policy .xml file to which this cmdlet adds the rule.
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Aliases: f
Parameter sets
(All)
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-Kernel
Indicates that this cmdlet adds the rule as a Kernel mode rule.
You can add a rule as more than one scenario.
Parameter properties
Type: SwitchParameter
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-Supplemental
Indicates that this cmdlet adds the rule as a Supplemental policy signers rule.
You can add a rule as more than one scenario.
Parameter properties
Type: SwitchParameter
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-Update
Indicates that this cmdlet adds the rule as an Update policy signers rule.
You can add a rule as more than one scenario.
Update policy signer rules determine which signers can sign a policy in the signed policy scenario.
Parameter properties
Type: SwitchParameter
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-User
Indicates that this cmdlet adds the rule as a User mode rule.
You can add a rule as more than one scenario.
Parameter properties
Type: SwitchParameter
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable,
-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable,
-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see
about_CommonParameters.