I have recently deployed a certificate via GPO and wanted to see which machines it has been installed on and which do not have it.
Is there a way via a script or SCCM to find this out?
-
Find specific certificates installed on remote PC's
-
I am able to check if installed on my machine, is there a way to do this on remote computers?
if (Get-ChildItem -Path Cert:\LocalMachine\Root | Where-Object {$_.Thumbprint -eq "d2d18014060c598b84763527488598772g625522"}) { Write-Host "Installed" } else { Write-Host "Not Installed" }Thanks
-
Hi All,
Any ideas on this one please?
Thanks
-
Do you need to check a single machine or many?
The easiest way to check a single machine would be to start a PSSession with the remote computer and then execute your script.
-
Hi @Mike-Rodrick, It's for many machines on our domain, we have over just over 200 workstations.
We also have SCCM, not sure if it can be done through their?
Thanks
-
I would use Invoke-Command.
Invoke-Command -scriptblock { if (Get-ChildItem -Path Cert:\LocalMachine\Root | Where-Object {$_.Thumbprint -eq "d2d18014060c598b84763527488598772g625522"}) { Write-Host "Installed" } else { Write-Host "Not Installed" } } -ComputerName svr01You can replace svr01 with a variable, and loop through a list of computers.
-
@Mike-Rodrick Thanks for the quick reply, appreciate it.
I just tried the script but get the following error;
WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. -
Is WinRM enabled on the remote computers?
-
Invoke-Command -ScriptBlock {winrm get winrm/config} -ComputerName svr01 -
@Mike-Rodrick Looks like it fails the connection, so maybe it's not enabled in the firewall?
Any ideas on how we can roll this out or alternative way of trying to see if that certificate is installed on remote workstations?
-
I don't know of a way to accomplish this with SCCM. I don't believe SCCM captures certificate data. You would end up using a PowerShell script in SCCM, which will rely on WinRM being configured on the remote machines.
You can use group policy to enable WinRM and make the firewall exceptions.
