PowerShell access denied to cert:\CurrentUser\My

certificatecode-signingpowershell

PS cert:\currentuser\my> dir  
Get-ChildItem : Access is denied.
At line:1 char:3
+ dir <<<<

I cannot access any of my code signing certificates to sign a PowerShell script. I can open MMC, Certificates, and see that my code signing certificates are installed and valid on my machine (Windows XP SP 3).

The other weird thing is that I cannot access any of my mapped network drives from PowerShell, but I can see them fine in Windows Explorer and a DOS window.

I've uninstalled PowerShell, rebooted, and re-installed PowerShell 1, but still have the same problem.

EDIT: My day-to-day account on this machine is NOT an administrator, but I do have an administrator account I can use for tasks that require it. The code signing certificate is assigned to my day-to-day account, and I should not have to be an administrator to sign code. I'm not sure how to give this account rights to the certificate store.

EDIT 2: I ran FileMon and RegMon to see what I am being denied access to. cert:CurrentUser\My is the folder C:\Documents and Settings\USERNAME\Application Data\Microsoft\SystemCertificates\My\Certificates. It also denied me access to C:\Documents and Settings\USERNAME\Local Settings\Temp. I can open Explorer and get to the files in these folders with no problem. I temporarily gave Everyone full rights to these folders and still received the access denied message from PowerShell.

Google hasn't revealed much. What should I do?

Message from Windows PowerShell event log:

Provider Health: Attempting to perform the GetChildItems operation on  
the 'Certificate' provider failed for path '\currentuser\my'. Access is denied.

Details: 
ProviderName=Certificate
ExceptionClass=ProviderInvocationException
ErrorCategory=InvalidOperation
ErrorId=GetChildrenProviderException
ErrorMessage=Attempting to perform the GetChildItems operation on  
       the 'Certificate' provider failed for path '\currentuser\my'.  
       Access is denied.

Severity=Warning
SequenceNumber=146

HostName=ConsoleHost
HostVersion=1.0.0.0
     .....

Best Answer

Sounds like you have permissions issues.

Is this an admin account on this PC, are you subject to domain controls, and are there group policies enabled?

I'm guessing this PC is locked down more than PowerShell would like. Some admins won't allow it to run at all since it's possible to do some damage.

When you run Set-ExecutionPolicy RemoteSigned do you get any errors?

Related Question