PDQ Connect and All Signed PowerShell Environments

This article is intended to help users who work with PDQ Connect in environments where the PowerShell execution policy is set to AllSigned. In these scenarios, attempting to run a PowerShell script or command through PDQ Connect may result in an error similar to the one shown below.

You cannot run this script on the current system. For more information about running scripts and setting execution policy, see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170.

This guide pertains to PowerShell scripts developed and distributed by PDQ.com. If you encounter this error while running custom PowerShell scripts not authored by PDQ, refer to our article on Signing Your PowerShell Scripts.

Overview

Like all PowerShell scripts, the scripts run by PDQ Connect are subject to your organization's script execution policies. Every PowerShell script included in a prebuilt PDQ package is signed with a code-signing certificate issued by DigiCert. This is the same code-signing certificate with which we sign our applications, and it is not included in the Trusted Publishers store on Windows by default. If your organization has set an execution policy of AllSigned through Group Policy, then you will need to import our certificate into your Trusted Root CA Store.

The certificate can be exported from the PDQ Connect agent itself. The latest PDQ certificate is always included in the current version of the agent. The method below will export a .cer file that you can deploy in whichever manner you choose.

Note: Agents downloaded from a trial account will use a unique certificate that differs from agents on an active subscription. If you need a copy of the latest production certificate while using a trial account, contact PDQ Support.  

Thumbprint for latest certificate (valid 10/8/2025 - 9/21/2028):

E706901A2E7EB16DA4D420BF61BBC47BFBBF8CE6
CN=PDQ.COM CORPORATION, O=PDQ.COM CORPORATION, L=South Salt Lake, S=Utah, C=US

Thumbprint for latest trial certificate (valid 10/13/2025 - 9/21/2028):

3a248dc8739b1e397e668f0a0c28ba92d39a8da1
CN=PDQ.COM CORPORATION, O=PDQ.COM CORPORATION, L=South Salt Lake, S=Utah, C=US

Export the PDQ Certificate

Use the following method to obtain a copy of the DigiCert certificate:

  1. Download the latest PDQ Connect agent from app.pdq.com and save it to a location on your PC. We're going to place it in C:\ for this example. 
  2. Open PowerShell and run the following two commands. Change the file path in the first command to the full path of the PDQ Connect Agent MSI file that you downloaded, including the version number in the MSI filename.

Command to define the code-signing certificate as a variable:

$cert = (Get-AuthenticodeSignature -FilePath "C:\PDQConnectAgent-x.x.x.msi").SignerCertificate

Command to export the certificate to a file:

Export-Certificate -Cert $cert -FilePath C:\pdqcert.cer -Type Cert

You should now see the exported certificate file with the name and location you specified on the second line. 
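
Before distributing the exported file, it is worth confirming that the MSI's signature is valid and that the signer matches one of the thumbprints listed in this article. The following is an added example, not PDQ's own script; the paths are the article's example paths and the variable names are illustrative.

```powershell
# Added example (not from PDQ). Adjust $msiPath to the MSI you downloaded.
$msiPath = 'C:\PDQConnectAgent-x.x.x.msi'
$cerPath = 'C:\pdqcert.cer'

# Thumbprints as published in this article (production, then trial).
# PowerShell string comparison is case-insensitive, so mixed case is fine.
$expected = @(
    'E706901A2E7EB16DA4D420BF61BBC47BFBBF8CE6',
    '3a248dc8739b1e397e668f0a0c28ba92d39a8da1'
)

$sig = Get-AuthenticodeSignature -FilePath $msiPath

# Stop if the file is unsigned, tampered with, or the chain does not validate.
if ($sig.Status -ne 'Valid') {
    throw "Signature on $msiPath is '$($sig.Status)': $($sig.StatusMessage)"
}

$cert = $sig.SignerCertificate

# Stop if the signer is not one of the certificates listed in the article.
if ($cert.Thumbprint -notin $expected) {
    throw "Unexpected signer thumbprint $($cert.Thumbprint) ($($cert.Subject))"
}

# A timestamped signature can remain valid after expiry, so warn only.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    Write-Warning "Signer certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
}

Export-Certificate -Cert $cert -FilePath $cerPath -Type Cert | Out-Null

# Re-read the exported file and confirm it is the certificate just checked.
$exported = Get-PfxCertificate -FilePath $cerPath
if ($exported.Thumbprint -ne $cert.Thumbprint) {
    throw "Exported file $cerPath does not match the signer certificate."
}

# Summary, including whether this machine already trusts the publisher.
[pscustomobject]@{
    Subject            = $cert.Subject
    Thumbprint         = $cert.Thumbprint
    NotAfter           = $cert.NotAfter
    ExportedTo         = $cerPath
    InTrustedPublisher = Test-Path "Cert:\LocalMachine\TrustedPublisher\$($cert.Thumbprint)"
}
```

Running the summary portion again after deployment shows whether the certificate has reached the Trusted Publishers store on a given machine.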

Installing the Certificate

Once you've successfully exported the certificate as a .cer file, you can deploy it across your environment using several methods.

Install via Group Policy

For traditional Active Directory environments, installing via Group Policy is the preferred approach. To ensure scripts run without prompting for confirmation, import the certificate into both of the following Group Policy locations:

Computer Configuration > Policies > Windows Settings > Security Settings > Public Key Policies > Trusted Root Certification Authorities
Computer Configuration > Policies > Windows Settings > Security Settings > Public Key Policies > Trusted Publishers

Microsoft's instructions on this process can be found at the link below. 

https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/distribute-certificates-to-client-computers-by-using-group-policy

If you have set your execution policy via group policy, this is the only option you can use.

Install via PowerShell 

The PowerShell command below may be used to import the certificate created previously to the computer Trusted Publishers store. If you are using PDQ Connect to deploy the certificate in an AllSigned environment, you will need to sign the script with your own certificate. 

Import-Certificate -Filepath C:\pdqcert.cer -CertStoreLocation Cert:\LocalMachine\TrustedPublisher\

Install via Intune

See the following resource from Microsoft to install the certificate via Intune by using Trusted root certificate profiles.

Trusted root certificate profiles for Microsoft Intune
