Share this post: This is part of an ongoing blog series by Adam Gordon. Adam will show you how to use each PowerShell command each week. This week, Adam covers Get-AuthenticodeSignature.
When should you use Get-Authenticode Signature
The Get-AuthenticodeSignature cmdlet gets information about the Authenticode signature for a file or file content as a byte array.
If the file isn’t signed, the information can be retrieved but the fields remain blank.
What version of PowerShell should I use for this blog?
Get the PowerShell Version for your machine
This command displays the PowerShell version information for your machine.
How to use Get-AuthenticodeSignature?
For a file, get the Authenticode signature:
Get-AuthenticodeSignature -FilePath “C:\Windows\Regedit.exe”
The Get-AuthenticodeSignature cmdlet gets information about the Authenticode signature for the Regedit.exe file. It uses the –FilePath parameter for specifying the file.
Only valid Authenticode signatures are required for multiple files
Get-ChildItem $PSHOME\*. * | ForEach-object Get-AuthenticodeSignature $_ | Where-Object $_.status -eq “Valid”
This command lists all files in the $PSHOME directory with a valid Authenticode Signature. The $PSHOME variable automatically contains the path to the PowerShell installation director.
To retrieve files from the $PSHOME directory, the command uses the Get–ChildItem cmdlet. It uses the following pattern: It can exclude directories (although it will also exclude files without a dot in their filename).
The command uses a pipeline operator (|) to send the files in $PSHOME to the ForEach-Object cmdlet, where Get-AuthenticodeSignature is called for each file.
The results of the Get-AuthenticodeSignature command are sent to a Where-Object command that selects only the signature objects with a status of Valid.
Check out the command last week: Test-FileCatalog.
Do you need PowerShell training? ITProTV offers PowerShell online IT training courses.