PS cert:\currentuser\my> dir
Get-ChildItem : Access is denied.
At line:1 char:3
+ dir <<<<
I cannot access any of my code signing certificates to sign a PowerShell script. I can open MMC, Certificates, and see that my code signing certificates are installed and valid on my machine (Windows XP SP 3).
The other weird thing is that I cannot access any of my mapped network drives from PowerShell, but I can see them fine in Windows Explorer and a DOS window.
I've uninstalled PowerShell, rebooted, and re-installed PowerShell 1, but still have the same problem.
EDIT: My day-to-day account on this machine is NOT an administrator, but I do have an administrator account I can use for tasks that require it. The code signing certificate is assigned to my day-to-day account, and I should not have to be an administrator to sign code. I'm not sure how to give this account rights to the certificate store.
EDIT 2: I ran FileMon and RegMon to see what I am being denied access to. cert:CurrentUser\My
is the folder C:\Documents and Settings\USERNAME\Application Data\Microsoft\SystemCertificates\My\Certificates
. It also denied me access to C:\Documents and Settings\USERNAME\Local Settings\Temp
. I can open Explorer and get to the files in these folders with no problem. I temporarily gave Everyone
full rights to these folders and still received the access denied message from PowerShell.
Google hasn't revealed much. What should I do?
Message from Windows PowerShell event log:
Provider Health: Attempting to perform the GetChildItems operation on
the 'Certificate' provider failed for path '\currentuser\my'. Access is denied.
Details:
ProviderName=Certificate
ExceptionClass=ProviderInvocationException
ErrorCategory=InvalidOperation
ErrorId=GetChildrenProviderException
ErrorMessage=Attempting to perform the GetChildItems operation on
the 'Certificate' provider failed for path '\currentuser\my'.
Access is denied.
Severity=Warning
SequenceNumber=146
HostName=ConsoleHost
HostVersion=1.0.0.0
.....
Best Answer
Sounds like you have permissions issues.
Is this an admin account on this PC, are you subject to domain controls, and are there group policies enabled?
I'm guessing this PC is locked down more than PowerShell would like. Some admins won't allow it to run at all since it's possible to do some damage.
When you run
Set-ExecutionPolicy RemoteSigned
do you get any errors?