🏠 Home
Interactive HTML Guide

PowerShell Signing, Scheduling, and AllSigned Deployment Guide

This ready to use website includes the full step by step guide for checking running PowerShell scripts, reviewing scheduled tasks, locating script paths, creating a code signing certificate, signing scripts, verifying signatures, trusting the certificate, registering professional scheduled tasks with AllSigned, adding a new one time task, and deploying trust across a 6 PC setup.

Everything below is integrated into one structured, user friendly page with clickable navigation, collapsible steps, and download buttons for every script block.

Modern responsive layout Copy and download code Step by step flow All content preserved

Complete Step by Step Guide

Managing Running PowerShell Scripts, Scheduled Tasks, Code Signing, AllSigned Setup, and Deploying to 6 PCs

This guide shows you how to:

  1. Check how many PowerShell scripts are currently running
  2. Find scheduled PowerShell tasks
  3. Identify the exact script paths used by those tasks
  4. Create a code-signing certificate
  5. Sign your scripts
  6. Verify signatures
  7. Export and trust the certificate
  8. Register professional scheduled tasks with AllSigned
  9. Add a new one-time task for a script that should run in 3 days
  10. Deploy trust to the other 5 PCs in your 6-PC setup
Visually appealingModern dark professional design with clear cards, hover effects, and polished code blocks.
InteractiveSticky navigation, search filter, collapsible content, copy buttons, and script downloads.
Easy to followEvery part is separated clearly and written for users of all levels.
CompleteNo script or instruction from the guide content is omitted.

Part 1 - Check How Many PowerShell Scripts Are Currently Running

Use this command to see all currently running PowerShell processes:

Get-CimInstance Win32_Process -Filter "Name = 'powershell.exe' OR Name = 'pwsh.exe'" |
Select-Object ProcessId, CommandLine |
Format-Table -AutoSize

What this does

  • Shows all running instances of powershell.exe
  • Shows all running instances of pwsh.exe
  • Displays Process ID and full command line used to launch the script

This helps you see which scripts are currently active on the PC.

Part 2 - View Scheduled Tasks That Use PowerShell

Option A - Use PowerShell to List Scheduled Tasks

This is the fastest way to see which scheduled tasks are set to run PowerShell scripts.

Get-ScheduledTask |
Where-Object { $_.Actions.Execute -match "powershell" } |
Select-Object TaskName, TaskPath, State |
Format-Table -AutoSize

What this shows

  • Task name
  • Task path
  • Current state

Option B - See Last Run Time and Next Run Time

If you want to know when the tasks last ran and when they will run next:

Get-ScheduledTask |
Where-Object { $_.Actions.Execute -match "powershell" } |
ForEach-Object {
    $task = $_
    $info = $task | Get-ScheduledTaskInfo
    [PSCustomObject]@{
        TaskName           = $task.TaskName
        TaskPath           = $task.TaskPath
        LastRunTime        = $info.LastRunTime
        NextRunTime        = $info.NextRunTime
        NumberOfMissedRuns = $info.NumberOfMissedRuns
    }
} |
Format-Table -AutoSize

What this shows

  • Task name
  • Task path
  • Last run time
  • Next run time
  • Number of missed runs

This is useful for spotting tasks due to run in the next few days.

Part 3 - Use the Task Scheduler GUI

If you prefer a visual interface:

  1. Click Start
  2. Type Task Scheduler
  3. Press Enter
  4. Click Task Scheduler Library in the left pane
  5. Look through the list of tasks
  6. Check the Next Run Time column
  7. Double click any task
  8. Go to the Actions tab
  9. Review which .ps1 file the task is pointing to

This is useful when you want to visually inspect the task setup.

Part 4 - Why These Scheduled Scripts Matter Before Enabling AllSigned

If you are about to implement a professional AllSigned execution policy, any scheduled script that is not signed will fail when Windows tries to run it.

Important warning: If your scheduled tasks are due to run in 2 or 3 days and you enable AllSigned now without signing those scripts first, they will fail because Windows will treat them as untrusted.

We must sign them immediately. If you enable the AllSigned policy now, these tasks will fail on Tuesday morning because Windows will see them as untrusted.

Part 5 - Your Immediate To Do List

Before enabling AllSigned, do these things:

Part 6 - Find the Exact Script File Paths Used by Scheduled Tasks

The task names alone are not enough. You need the actual .ps1 file paths so you can sign them.

Run this:

Get-ScheduledTask |
Where-Object { $_.TaskName -match "Winget|Update|Incident" } |
ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        [PSCustomObject]@{
            TaskName = $task.TaskName
            Execute  = $action.Execute
            Arguments = $action.Arguments
        }
    }
} |
Format-List

What to look for

Look inside the Arguments field for the part after -File.

-File "C:\Scripts\Update.ps1"

That tells you exactly where the script lives on disk.

Part 7 - Create the Corrected Master Code Signing Certificate

Run this in an Administrator PowerShell window:

$cert = New-SelfSignedCertificate -Type CodeSigningCert `
    -Subject "CN=UmerMalikHomeRootCA" `
    -HashAlgorithm "SHA256" `
    -KeyExportPolicy Exportable `
    -KeyUsage DigitalSignature, CertSign `
    -NotAfter (Get-Date).AddYears(10) `
    -CertStoreLocation "Cert:\CurrentUser\My"

Write-Host "Master Certificate Created Successfully!" -ForegroundColor Green
Write-Host "Subject: $($cert.Subject)" -ForegroundColor Cyan

What this does

  • Creates your master code signing certificate
  • Uses SHA256
  • Makes the key exportable
  • Keeps it valid for 10 years
  • Stores it in your personal certificate store

Part 8 - Sign Your 3 Main Scripts

Once the certificate exists in your store, sign the scripts.

Example folder:

C:\scripts\production

Example scripts:

  • scanner.ps1
  • Winget-update.ps1
  • win-update.ps1

Run this:

$cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert | Select-Object -First 1

$scriptFolder = "C:\scripts\production"
$myScripts = @(
    "$scriptFolder\scanner.ps1",
    "$scriptFolder\Winget-update.ps1",
    "$scriptFolder\win-update.ps1"
)

foreach ($path in $myScripts) {
    if (Test-Path $path) {
        Write-Host "`nSigning: $path" -ForegroundColor Cyan
        Set-AuthenticodeSignature -FilePath $path -Certificate $cert -TimestampServer "http://timestamp.digicert.com"
    } else {
        Write-Host "`nWARNING: Script file not found at $path" -ForegroundColor Yellow
    }
}

Part 9 - Alternative Bulk Signing Example for Different Script Paths

If your scripts are elsewhere, use the same pattern and replace the paths:

$cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert | Select-Object -First 1

$myScripts = @(
    "C:\Path\To\Winget-Script.ps1",
    "C:\Path\To\Update-Script.ps1",
    "C:\Path\To\Incident-Script.ps1"
)

foreach ($script in $myScripts) {
    if (Test-Path $script) {
        Write-Host "Signing: $script" -ForegroundColor Cyan
        Set-AuthenticodeSignature -FilePath $script -Certificate $cert -TimestampServer "http://timestamp.digicert.com"
    } else {
        Write-Host "File not found: $script" -ForegroundColor Red
    }
}

Part 10 - Verify the Signature Results

After signing, check the results.

For the production folder:

Get-ChildItem "C:\scripts\production\*.ps1" | ForEach-Object {
    Get-AuthenticodeSignature -FilePath $_.FullName
} | Format-Table -AutoSize
What you want to see: You want the signature status to show as valid once the certificate is trusted properly.

Part 11 - Export the Certificate to a File

You must export the certificate so your current PC can trust it fully and the other 5 PCs can trust your signed scripts.

Run this on your main PC:

$cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert | Select-Object -First 1
$exportPath = "C:\scripts\production\UmerMalikHomeRoot.cer"

Export-Certificate -Cert $cert -FilePath $exportPath

Write-Host "Certificate exported to $exportPath" -ForegroundColor Green

Part 12 - Trust the Certificate Locally on Your Main PC

This step is required so your own PC sees the signature as trusted.

Run:

$certFile = "C:\scripts\production\UmerMalikHomeRoot.cer"

Import-Certificate -FilePath $certFile -CertStoreLocation Cert:\LocalMachine\Root
Import-Certificate -FilePath $certFile -CertStoreLocation Cert:\LocalMachine\TrustedPublisher

Write-Host "Certificate exported and trusted locally!" -ForegroundColor Green

What this does

  • Imports the certificate into Trusted Root Certification Authorities
  • Imports the certificate into Trusted Publishers
  • Tells Windows the certificate authority is trusted
  • Tells Windows scripts signed by that certificate are trusted

Part 13 - Update the Task Action Arguments

For a professional setup, edit each scheduled task so the action uses:

-ExecutionPolicy AllSigned -File ...

Using Task Scheduler GUI

  1. Open Task Scheduler
  2. Right click the task
  3. Select Properties
  4. Go to the Actions tab
  5. Click Edit
  6. In Add arguments, make sure it begins with:
-NoProfile -ExecutionPolicy AllSigned -File "C:\Path\To\YourScript.ps1"

This ensures the task explicitly checks the script signature when it runs.

Part 14 - Professional Automated Task Registration

Below is the cleaned and organised script to register your three core production tasks.

# ======================================================================
# Professional Automated Task Registration
# ======================================================================

$ScriptDir = "C:\scripts\production"
$ActionUser = "SYSTEM"

$Tasks = @(
    @{
        Name     = "Winget Enterprise Ultimate"
        File     = "Winget-update.ps1"
        Schedule = "Weekly"
        Days     = "Tuesday"
        At       = "09:00AM"
        Args     = $null
    },
    @{
        Name     = "Auto Windows Update Script"
        File     = "win-update.ps1"
        Schedule = "Weekly"
        Days     = "Tuesday"
        At       = "07:00AM"
        Args     = $null
    },
    @{
        Name     = "IR-IncidentContainment-Mode2"
        File     = "scanner.ps1"
        Schedule = "Weekly"
        Days     = "Wednesday"
        At       = "06:00AM"
        Args     = "-Mode 2"
    }
)

foreach ($T in $Tasks) {
    $FullScriptPath = Join-Path $ScriptDir $T.File

    $FullArgs = "-NoProfile -ExecutionPolicy AllSigned -File `"$FullScriptPath`""
    if ($T.Args) {
        $FullArgs += " $($T.Args)"
    }

    $Action = New-ScheduledTaskAction -Execute "powershell.exe" -Argument $FullArgs
    $Trigger = New-ScheduledTaskTrigger -Weekly -DaysOfWeek $T.Days -At $T.At
    $Settings = New-ScheduledTaskSettingsSet `
        -AllowStartIfOnBatteries `
        -DontStopIfGoingOnBatteries `
        -StartWhenAvailable `
        -RunOnlyIfNetworkAvailable

    try {
        Register-ScheduledTask -TaskName $T.Name `
            -Action $Action `
            -Trigger $Trigger `
            -Settings $Settings `
            -User $ActionUser `
            -RunLevel Highest `
            -Force

        Write-Host "SUCCESS: Registered $($T.Name)" -ForegroundColor Green
    } catch {
        Write-Host "FAILED: Could not register $($T.Name). Error: $($_.Exception.Message)" -ForegroundColor Red
    }
}

Part 15 - Why the Incident Task Showed a Missed Run

If IR-IncidentContainment-Mode2 shows:

NumberOfMissedRuns = 1

this usually means one of these happened:

  • The PC was turned off at the scheduled time
  • The PC was unavailable at the scheduled time
  • The task was not configured to start after a missed run
Recommendation: Open the task settings and enable Run task as soon as possible after a scheduled start is missed. This is especially important for security scripts.

Part 16 - Add a New Script That Must Run in 3 Days

If you want to add a new script such as C:\scripts\production\backup-files.ps1 and make it run once in three days, follow this workflow.

Step 1 - Sign the New Script First

Because you are using AllSigned, the script must be signed before scheduling it.

$cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert | Select-Object -First 1
Set-AuthenticodeSignature -FilePath "C:\scripts\production\backup-files.ps1" -Certificate $cert -TimestampServer "http://timestamp.digicert.com"
Step 2 - Register the One Time Task

This schedules it to run once, three days from now, at 10:00 AM.

$RunDate = (Get-Date).AddDays(3).Date.AddHours(10)

$FullScriptPath = "C:\scripts\production\backup-files.ps1"
$Action = New-ScheduledTaskAction -Execute "powershell.exe" `
    -Argument "-NoProfile -ExecutionPolicy AllSigned -File `"$FullScriptPath`""

$Trigger = New-ScheduledTaskTrigger -Once -At $RunDate

Register-ScheduledTask -TaskName "OneTime-BackupFiles" `
    -Action $Action `
    -Trigger $Trigger `
    -User "SYSTEM" `
    -RunLevel Highest `
    -Force

Write-Host "Task registered! It will run on $($RunDate.ToString('dddd, dd MMMM yyyy')) at $($RunDate.ToString('HH:mm'))." -ForegroundColor Green
Step 3 - Verify the One Time Schedule 
Get-ScheduledTask -TaskName "OneTime-BackupFiles" |
Get-ScheduledTaskInfo |
Select-Object LastRunTime, NextRunTime

Important Notes for Your 6 PC Setup

  • Make sure backup-files.ps1 exists in C:\scripts\production on all required PCs before registering the task
  • Because the script is signed and the task uses -ExecutionPolicy AllSigned, it will run properly under the policy
  • A one time task stays in Task Scheduler after it runs, but it will not run again unless triggered again

Optional cleanup

If you want the task to delete itself after running, you can add a settings block when registering it:

$Settings = New-ScheduledTaskSettingsSet -DeleteExpiredTaskAfter (New-TimeSpan -Seconds 0)

Then include -Settings $Settings in the Register-ScheduledTask command.

Part 17 - Copy the Certificate to the Other 5 PCs

To make the other 5 PCs trust your signed scripts, you must copy the public certificate file, not the private key.

Chain of trust

  • Main PC = holds the private key and signs scripts
  • .cer file = contains the public key and verifies signatures
  • Other 5 PCs = trust the public certificate so they accept your signed scripts

Transfer Methods

You can move the .cer file by:

  • USB drive
  • Network share
  • Cloud storage such as OneDrive, Google Drive, or Dropbox

Example certificate file:

C:\scripts\production\UmerMalikHomeRoot.cer

Part 18 - Import and Trust the Certificate on the Other 5 PCs

Run this as Administrator on each of the other PCs:

$certFile = "C:\scripts\production\UmerMalikHomeRoot.cer"

if (Test-Path $certFile) {
    Import-Certificate -FilePath $certFile -CertStoreLocation Cert:\LocalMachine\Root
    Import-Certificate -FilePath $certFile -CertStoreLocation Cert:\LocalMachine\TrustedPublisher

    Write-Host "Success! This PC now trusts your signed scripts." -ForegroundColor Green
} else {
    Write-Host "Error: Certificate file not found at $certFile" -ForegroundColor Red
}

Part 19 - Final Verification on Every PC

After importing the certificate on each PC, run a signature check on the scripts that were copied over.

Example:

Get-ChildItem "C:\scripts\production\*.ps1" | ForEach-Object {
    Get-AuthenticodeSignature -FilePath $_.FullName
} | Format-Table -AutoSize
Expected result: If the trust chain is correct, the scripts should show as Valid. Once you see that, you are ready to enforce AllSigned.

Part 20 - Final Professional Workflow Summary

Here is the correct order to follow:

Stage 1 - Discovery

  1. Check running PowerShell scripts
  2. List scheduled PowerShell tasks
  3. Review last and next run times
  4. Find the exact .ps1 paths used by the tasks

Stage 2 - Certificate Setup

  1. Create the master code signing certificate
  2. Export the certificate to a .cer file
  3. Trust it locally on your main PC

Stage 3 - Signing

  1. Sign the three main scripts
  2. Sign any new script before scheduling it
  3. Verify the signature results

Stage 4 - Scheduled Tasks

  1. Update or recreate scheduled tasks using powershell.exe, -NoProfile, -ExecutionPolicy AllSigned, and -File "path\to\script.ps1"
  2. Make sure important security tasks use Run task as soon as possible after a scheduled start is missed

Stage 5 - Multi PC Trust

  1. Copy the .cer file to the other 5 PCs
  2. Import it into Cert:\LocalMachine\Root and Cert:\LocalMachine\TrustedPublisher
  3. Verify the scripts show as Valid

Part 21 - Clean Reference Commands Only

See running PowerShell scripts 
Get-CimInstance Win32_Process -Filter "Name = 'powershell.exe' OR Name = 'pwsh.exe'" |
Select-Object ProcessId, CommandLine |
Format-Table -AutoSize
List scheduled PowerShell tasks 
Get-ScheduledTask |
Where-Object { $_.Actions.Execute -match "powershell" } |
Select-Object TaskName, TaskPath, State |
Format-Table -AutoSize
Show last run and next run 
Get-ScheduledTask |
Where-Object { $_.Actions.Execute -match "powershell" } |
ForEach-Object {
    $task = $_
    $info = $task | Get-ScheduledTaskInfo
    [PSCustomObject]@{
        TaskName           = $task.TaskName
        TaskPath           = $task.TaskPath
        LastRunTime        = $info.LastRunTime
        NextRunTime        = $info.NextRunTime
        NumberOfMissedRuns = $info.NumberOfMissedRuns
    }
} |
Format-Table -AutoSize
Reveal task action arguments and script paths 
Get-ScheduledTask |
Where-Object { $_.TaskName -match "Winget|Update|Incident" } |
ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        [PSCustomObject]@{
            TaskName  = $task.TaskName
            Execute   = $action.Execute
            Arguments = $action.Arguments
        }
    }
} |
Format-List
Create certificate 
$cert = New-SelfSignedCertificate -Type CodeSigningCert `
    -Subject "CN=UmerMalikHomeRootCA" `
    -HashAlgorithm "SHA256" `
    -KeyExportPolicy Exportable `
    -KeyUsage DigitalSignature, CertSign `
    -NotAfter (Get-Date).AddYears(10) `
    -CertStoreLocation "Cert:\CurrentUser\My"
Sign scripts 
$cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert | Select-Object -First 1
Set-AuthenticodeSignature -FilePath "C:\scripts\production\backup-files.ps1" -Certificate $cert -TimestampServer "http://timestamp.digicert.com"
Export certificate 
$cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert | Select-Object -First 1
Export-Certificate -Cert $cert -FilePath "C:\scripts\production\UmerMalikHomeRoot.cer"
Trust certificate 
Import-Certificate -FilePath "C:\scripts\production\UmerMalikHomeRoot.cer" -CertStoreLocation Cert:\LocalMachine\Root
Import-Certificate -FilePath "C:\scripts\production\UmerMalikHomeRoot.cer" -CertStoreLocation Cert:\LocalMachine\TrustedPublisher
Verify signatures 
Get-ChildItem "C:\scripts\production\*.ps1" | ForEach-Object {
    Get-AuthenticodeSignature -FilePath $_.FullName
} | Format-Table -AutoSize

Original Content Preservation Notes

This HTML page integrates the full guide content into a structured website format while preserving the complete instructions, scripts, paths, examples, warnings, and workflow details. Repeated raw fragments from the source notes were consolidated into their correct step locations so the guide is easier to follow without losing any actual instruction.

Included throughout this page: how to view running PowerShell scripts, list scheduled tasks, inspect next run time, inspect last run time and missed runs, use Task Scheduler GUI, prepare for an AllSigned setup, locate scripts, sign them now, update task actions, understand the missed run on the Incident task, create the master certificate, export it, trust it locally, register professional scheduled tasks, register a one time task for a script running in three days, copy the certificate to the other 5 PCs, import and trust it there, verify with Get-AuthenticodeSignature, and follow the final chain of trust summary.

The page also adds hover effects, responsive layout, filterable navigation, sticky menus, copy controls, download controls, and clear sectioning so users can navigate and interact without confusion.