I guess the next problem is finding those that did not run it. Compare the results with the collection I suppose. Thanks.
From: [email protected] [mailto:[email protected]] On Behalf Of Sherry Kissinger Sent: Wednesday, September 30, 2015 12:03 PM To: [email protected] Subject: Re: [mssms] Querying for KB3097966 and Untrusted Certificates According to the article you reference: "for Windows 8, Windows 8.1, Windows RT, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, and Windows 10 systems, you can check the Application log in the Event Viewer for an entry with the following values: * Source: CAPI2 * Level: Information * Event ID: 4112 * Description: Successful auto update of disallowed certificate list with effective date: Thursday, September 24, 2015 (or later). " So it sounds like some EventLog parsing is in your future... Might be able to POSH that, look at application log for eventID 4112/Source CAPI2, and see what you get. On Wednesday, September 30, 2015 10:42 AM, "Gushue, William" <[email protected]<mailto:[email protected]>> wrote: Is there a way to query systems to ensure this update has been applied? https://technet.microsoft.com/library/security/3097966 I see other versions in SCCM (2813430, for example – no 3097966 though), but Windows 8.1 is supposed to be using an automatic updates of revoked certificates. I have checked the folder in the Certificates mmc, but the list is not there, which indicates it has not run. Even so, I would like to query all systems. Thanks. ________________________________ ******************************************************************** This e-mail message is privileged, confidential and subject to copyright. Any unauthorized use or disclosure is prohibited. Le contenu du présent courriel est privilégié, confidentiel et soumis à des droits d'auteur. Il est interdit de l'utiliser ou de le divulguer sans autorisation. ********************************************************************
