I have recently deployed a certificate via GPO and wanted to see which machines it has been installed on and which do not have it.
Is there a way via a script or SCCM to find this out?
I am able to check if it is installed on my machine. Is there a way to do this on remote computers?
if (Get-ChildItem -Path Cert:\LocalMachine\Root | Where-Object {$_.Thumbprint -eq "d2d18014060c598b84763527488598772g625522"})
{
    Write-Host "Installed"
}
else
{
    Write-Host "Not Installed"
}
Thanks
Hi All,
Any ideas on this one please?
Thanks
Do you need to check a single machine or many?
The easiest way to check a single machine would be to start a PSSession with the remote computer and then execute your script.
Mike Rodrick
Edutainer, ITProTV
**if the post above has answered the question, please mark the topic as solved.
Hi @Mike-Rodrick, it's for many machines on our domain; we have just over 200 workstations.
We also have SCCM, not sure if it can be done through there?
Thanks
I would use Invoke-Command.
Invoke-Command -ScriptBlock {
    if (Get-ChildItem -Path Cert:\LocalMachine\Root | Where-Object {$_.Thumbprint -eq "d2d18014060c598b84763527488598772g625522"}) {
        Write-Host "Installed"
    }
    else {
        Write-Host "Not Installed"
    }
} -ComputerName svr01
You can replace svr01 with a variable, and loop through a list of computers.
Mike Rodrick
Edutainer, ITProTV
@Mike-Rodrick Thanks for the quick reply, appreciate it.
I just tried the script but get the following error:
WinRM cannot complete the operation. Verify
that the specified computer name is valid, that the computer is accessible over the
network, and that a firewall exception for the WinRM service is enabled and allows
access from this computer.
Is WinRM enabled on the remote computers?
Mike Rodrick
Edutainer, ITProTV
Invoke-Command -ScriptBlock {winrm get winrm/config} -ComputerName svr01
Mike Rodrick
Edutainer, ITProTV
@Mike-Rodrick Looks like it fails the connection, so maybe it's not enabled in the firewall?
Any ideas on how we can roll this out, or an alternative way of trying to see if that certificate is installed on remote workstations?
I don't know of a way to accomplish this with SCCM. I don't believe SCCM captures certificate data. You would end up using a PowerShell script in SCCM, which will rely on WinRM being configured on the remote machines.
You can use group policy to enable WinRM and make the firewall exceptions.
Mike Rodrick
Edutainer, ITProTV
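Added example, not part of any post in this thread: one way to run the Invoke-Command check from above against a list of workstations and get a report that separates "Installed", "Not Installed" and machines where the WinRM connection failed. The input file `workstations.txt` and the output file `cert-report.csv` are assumed names; the thumbprint is the value as posted in the thread.

```powershell
# Thumbprint as posted in the thread; replace with the real certificate thumbprint.
$Thumbprint = 'd2d18014060c598b84763527488598772g625522'

# Assumed input: a text file with one computer name per line.
$Computers = Get-Content -Path .\workstations.txt | Where-Object { $_.Trim() }

# Runs on each remote machine. It returns an object instead of using Write-Host,
# so the result comes back to the caller tagged with PSComputerName.
$check = {
    param($Thumbprint)
    $cert = Get-ChildItem -Path Cert:\LocalMachine\Root |
        Where-Object { $_.Thumbprint -eq $Thumbprint }
    [pscustomobject]@{ Installed = [bool]$cert }
}

# Invoke-Command fans out to all listed computers in parallel. Connection errors
# (WinRM disabled, firewall, machine offline) are collected instead of stopping the run.
$results = Invoke-Command -ComputerName $Computers -ScriptBlock $check `
    -ArgumentList $Thumbprint -ErrorAction SilentlyContinue -ErrorVariable connErrors

# Machines that answered.
$answered = @($results | ForEach-Object {
    [pscustomobject]@{
        ComputerName = $_.PSComputerName
        Status       = if ($_.Installed) { 'Installed' } else { 'Not Installed' }
    }
})

# Machines that returned nothing: report them separately so that a WinRM
# failure is never mistaken for a missing certificate.
$unreachable = @($Computers |
    Where-Object { $_ -notin $answered.ComputerName } |
    ForEach-Object {
        [pscustomobject]@{ ComputerName = $_; Status = 'Unreachable (WinRM)' }
    })

$report = $answered + $unreachable
$report | Sort-Object Status, ComputerName | Format-Table -AutoSize
$report | Export-Csv -Path .\cert-report.csv -NoTypeInformation

# Summary count per status.
$report | Group-Object Status | Select-Object Name, Count
```

The error text for each failed connection is kept in `$connErrors` if the reason a machine was unreachable needs to be checked.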