Where is SignTool /d info (description of the signed content) used/displayed? - code-signing

In the SignTool documentation it is said:
/d Specifies a description of the signed content.
Where can I find that description?

One significant place, where the description is shown, is on the UAC prompt, when running a signed application (typically an installer) that needs Administrator privileges:

Related

Create script for mklink command

I want to create a bash file (.sh file) that creates a symlink using the dos mklink command.
mklink /D "path" "path"
Use this window command in bash
But when I tried that I got an error: mklink: command not found
How to solve that?
To use mklink on your Windows system, read the information about it on ss64.com.
Elevation
By default, only Administrators can create symbolic links. The security setting 'Create symbolic links' can be granted at: Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\*
Creating a symbolic link requires elevation, but from Windows 10 build 14972, symlinks can be created without needing to elevate the console as administrator - this does however require that you have Developer Mode enabled.
So, you can enable Developer Mode.
I prefer to reboot after any changes made to the system settings; this is my habit, so I restarted and typed:
C:\Users\ecker>mklink /D "%userprofile%\Documents\Call of Duty Black Ops II Saves" "C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\players"
symbolic link created for C:\Users\ecker\Documents\Call of Duty Black Ops II Saves <<===>> C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\players
C:\Users\ecker>mklink
Creates a symbolic link.
MKLINK [[/D] | [/H] | [/J]] Link Target
/D Creates a directory symbolic link. Default is a file
symbolic link.
/H Creates a hard link instead of a symbolic link.
/J Creates a Directory Junction.
Link Specifies the new symbolic link name.
Target Specifies the path (relative or absolute) that the new link
refers to.
Note: You can also activate Developer Mode for Windows 10 using PowerShell, the cmd command line or a batch file:
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock" /t REG_DWORD /f /v "AllowDevelopmentWithoutDevLicense" /d "1"
Some further reading:
[√] MkLink /ss64.com
[√] MkLink /MS Doc's
[√] Enable Your Device For Development /MS Doc's

Give User Access To Sign A File

At the command prompt, as administrator, I can sign a file with signtool.exe. 15063.137. However, I am signing a file from within an app, and when I execute the same command from within the app, the command fails with an exit code of 1. I'm not 100% sure it's a permissions problem, but I'm guessing that it is. How can I give permission to the user that the app is running under to sign a file?
Do I need to give the user special permission to use the certificate I am using?
PS: I've tried importing the certificate into Trusted Publishers for the computer account, but for some reason, the certificate doesn't show up there in mmc.
I run signtool with just a normal-rights command box and I do not see a UAC prompt.
But this is with the certificate exported as a pfx file, for example:
"C:\Program Files (x86)\Windows Kits\10\App Certification Kit\SignTool.exe" sign /f c:\folder\cert.pfx /p PASSWORD /as /fd sha256 /tr http://sha256timestamp.ws.symantec.com/sha256/timestamp /v "c:\folder\sub folder\file.exe"

Windows signtool.exe sign command /s option

When using the signtool to digitally sign a catalog file (*.cat), what does the /s option actually do?
Example:
signtool sign /s SomeStore c:/someCAT.cat
What does the SomeStore parameter for the /s option do? How does one confirm that this parameter is correct?
I have checked the Microsoft signtool documentation here: https://msdn.microsoft.com/en-us/library/8s9b9yaz(v=vs.110).aspx#sign, but it does not seem to provide this information.
The /s option refers to the Certificate Store from which the signtool will be obtaining the data (credentials) necessary to sign the catalog file. See the following:
Digital Certificates: https://msdn.microsoft.com/en-us/library/windows/desktop/aa381975(v=vs.85).aspx
Certificate Stores: https://msdn.microsoft.com/en-us/library/windows/desktop/aa386971(v=vs.85).aspx
Running the signtool with the verify command provides feedback on whether the store specified with the /s option was valid.
Example:
signtool verify /pa /v c:\someCAT.cat
where the /pa and /v are described here: https://msdn.microsoft.com/en-us/library/windows/desktop/aa387764(v=vs.85).aspx
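The store name passed to /s can also be checked directly before signing. The following PowerShell sketch is an added example, not part of the original question or answers; the function name Get-SigningCandidate is hypothetical and SomeStore is the placeholder store name from the question. It lists the certificates in a store that are valid for code signing and have a private key, and it applies equally to the "Give User Access To Sign A File" question above when run as the account the app uses.

```powershell
# Added example (not from the original posts): list the certificates that
# "signtool sign /s <StoreName>" could pick from a given certificate store.
function Get-SigningCandidate {
    param(
        # signtool opens the "My" store when /s is omitted
        [string]$StoreName = 'My',
        # LocalMachine corresponds to adding /sm on the signtool command line
        [ValidateSet('CurrentUser', 'LocalMachine')]
        [string]$Location = 'CurrentUser'
    )

    $path = "Cert:\$Location\$StoreName"
    if (-not (Test-Path -Path $path)) {
        # A wrong /s value ends up here: the store does not exist for this account
        Write-Warning "Certificate store not found: $path"
        return
    }

    $now = Get-Date
    # -CodeSigningCert keeps only certificates whose EKU allows code signing
    Get-ChildItem -Path $path -CodeSigningCert | ForEach-Object {
        $inValidity = ($_.NotBefore -le $now) -and ($now -le $_.NotAfter)
        [pscustomobject]@{
            Subject       = $_.Subject
            Thumbprint    = $_.Thumbprint
            NotAfter      = $_.NotAfter
            # True only says a key is associated with the certificate; for
            # LocalMachine stores the account also needs read access to that key
            HasPrivateKey = $_.HasPrivateKey
            Usable        = $_.HasPrivateKey -and $inValidity
        }
    }
}

# Run these as the same account that will run signtool, because the
# CurrentUser stores differ per account.
Get-SigningCandidate -StoreName 'SomeStore' | Format-Table -AutoSize
Get-SigningCandidate -StoreName 'SomeStore' -Location LocalMachine | Format-Table -AutoSize
```

An empty result or the warning means signtool has nothing to sign with in that store for that account. A certificate listed with HasPrivateKey set to False can be used to verify signatures but not to create them.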

Script that runs "reg add" as admin

I need help in making a script (bat, vbs, whatever) that runs at startup as a different user (admin) the following command:
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome /f /v RestoreOnStartup /t REG_DWORD /d 1
I've tried combining that with "runas /savecred /user:administrator", without any success.
Background
On my work computer, in Chrome, the Startup Options are disabled. The only way to change them is through the registry, but after every restart, it reverts back to its original form (Continue where left off disabled).
So I would like a script that enables it every time, so I don't have to do it manually.
If you have default settings, use RunAs with the administrator account, except it will be disabled (but if it isn't, it will run elevated as if standard settings apply).
This is a security not a programming question.
net user administrator /active:yes
You then have to allow logon with blank password in Local Security Policy.
Then
runas /user:server\administrator "notepad.exe \"c:\windows\win.ini\""
The server is YOUR computer name.
I just turn off UAC.

How to install Node.js in custom folder silently on Windows?

I create a script to auto install all my dev stack on Windows.
I have a problem with Node.js
What's the command line to install node-v0.10.23-x64.msi in C:\Tools silently?
Thanks.
I found it.
This is the correct way to install Node.js on Windows silently in a custom directory.
msiexec.exe /i node-v0.10.23-x64.msi INSTALLDIR="C:\Tools\NodeJS" /quiet
msiexec.exe /i node-v0.10.23-x64.msi /qn
/i means normal install
/qn means no UI
I do not know how to set the destination; you can read the documentation here, and check if the msi supports it:
http://www.advancedinstaller.com/user-guide/msiexec.html
This will do the exact installation as doing it manually from the UI:
msiexec /i node-v6.11.2-x64.msi TARGETDIR="C:\Program Files\nodejs\" ADDLOCAL="NodePerfCtrSupport,NodeEtwSupport,DocumentationShortcuts,EnvironmentPathNode,EnvironmentPathNpmModules,npm,NodeRuntime,EnvironmentPath" /qn
To expand a little on foozar's answer, which works.
msiexec.exe /i node-v0.10.23-x64.msi INSTALLDIR="C:\Tools\NodeJS" /quiet
Note that /quiet may be better replaced with /passive:
Passive shows the status bar, and more importantly, prompts the user for the admin password if needed.
Quiet mode will just fail if the installer doesn't have privileges.
