How about this:
Get-ChildItem Cert:\localmachine\My |
% {
$_ | Select `
Friendlyname,
Thumbprint,
@{N="Template";E={($_.Extensions |
?{$_.oid.Friendlyname -match "Certificate Template
Information"}).Format(0) `
-replace "(.+)?=(.+)\((.+)?", '$2'}},
@{N="Subject";E={$_.SubjectName.name}}
}
You could then act on whatever you named your ConfigMgr cert if found in the
results.
From: [email protected] [mailto:[email protected]] On
Behalf Of Beardsley, James
Sent: Thursday, January 16, 2014 11:28 AM
To: [email protected]
Subject: [mssms] RE: Certificate issues
Nevermind. It was actually the Certificate Template property I'm looking for
but when I run the line below, that's not one of the properties it can return
get-childitem -path cert:\localmachine\my -recurse | select *
There's really nothing I see in the results that I can use to detect if it's a
ConfigMgr Client certificate installed other than $_.Issuer (which may not
always be accurate). The way I set up the certificate template per Technet,
didn't mention giving it a Friendly Name so its just blank.
From: [email protected]<mailto:[email protected]>
[mailto:[email protected]] On Behalf Of Beardsley, James
Sent: Thursday, January 16, 2014 11:57 AM
To: [email protected]<mailto:[email protected]>
Subject: [mssms] RE: Certificate issues
Very nice Russ! Is there a way to look at the Friendly Name property rather
than the Issuer in this example below? I tried using $_.FriendlyName but I
don't think it liked that.
get-childitem -path cert:\localmachine -recurse | where-object {$_.Issuer -like
'*RussLab*'}
From: [email protected]<mailto:[email protected]>
[mailto:[email protected]] On Behalf Of Russ Rimmerman
Sent: Wednesday, January 15, 2014 10:12 PM
To: [email protected]<mailto:[email protected]>
Subject: [mssms] RE: Certificate issues
I blogged the other day on using compliance settings to check to see if a
specific cert on clients, you can use similar powershell commands to inventory
the specific properties of the certs you want and poke it back into wmi in a
custom class.
http://blogs.technet.com/b/configmgr_geek_speak/archive/2014/01/10/use-configuration-manager-2012-compliance-settings-to-check-for-the-existence-of-a-pki-certificate.aspx
From: [email protected]<mailto:[email protected]>
[mailto:[email protected]] On Behalf Of Beardsley, James
Sent: Wednesday, January 15, 2014 9:59 AM
To: [email protected]<mailto:[email protected]>
Subject: [mssms] Certificate issues
Is there any way to gather inventory on client certificates? Is certificate
information in WMI? Or detectable with Powershell?
I have auto-enrollment set up and most PC's are successfully enrolling their
client certificate but there are a handful here and there that don't have the
cert in the Personal store so I'm unable to upgrade them to the 2012 client.
I tried running certutil.exe -pulse on ones that I've had a chance to get my
hands on and most of the time it doesn't help.
Any pointers? Any logs or event's I can use to track down the issue on
individual computers?
________________________________
IRS Compliance: Any tax advice contained in this communication (including any
attachments) is not intended or written to be used, and cannot be used, for the
purpose of (i) avoiding penalties imposed under the Internal Revenue Code or
applicable state or local tax law or (ii) promoting, marketing, or recommending
to another party any transaction or matter addressed herein.
________________________________
Confidentiality Notice: This e-mail is intended only for the addressee named
above. It contains information that is privileged, confidential or otherwise
protected from use and disclosure. If you are not the intended recipient, you
are hereby notified that any review, disclosure, copying, or dissemination of
this transmission, or taking of any action in reliance on its contents, or
other use is strictly prohibited. If you have received this transmission in
error, please reply to the sender listed above immediately and permanently
delete this message from your inbox. Thank you for your cooperation.
________________________________
IRS Compliance: Any tax advice contained in this communication (including any
attachments) is not intended or written to be used, and cannot be used, for the
purpose of (i) avoiding penalties imposed under the Internal Revenue Code or
applicable state or local tax law or (ii) promoting, marketing, or recommending
to another party any transaction or matter addressed herein.
________________________________
Confidentiality Notice: This e-mail is intended only for the addressee named
above. It contains information that is privileged, confidential or otherwise
protected from use and disclosure. If you are not the intended recipient, you
are hereby notified that any review, disclosure, copying, or dissemination of
this transmission, or taking of any action in reliance on its contents, or
other use is strictly prohibited. If you have received this transmission in
error, please reply to the sender listed above immediately and permanently
delete this message from your inbox. Thank you for your cooperation.
________________________________
IRS Compliance: Any tax advice contained in this communication (including any
attachments) is not intended or written to be used, and cannot be used, for the
purpose of (i) avoiding penalties imposed under the Internal Revenue Code or
applicable state or local tax law or (ii) promoting, marketing, or recommending
to another party any transaction or matter addressed herein.
________________________________
Confidentiality Notice: This e-mail is intended only for the addressee named
above. It contains information that is privileged, confidential or otherwise
protected from use and disclosure. If you are not the intended recipient, you
are hereby notified that any review, disclosure, copying, or dissemination of
this transmission, or taking of any action in reliance on its contents, or
other use is strictly prohibited. If you have received this transmission in
error, please reply to the sender listed above immediately and permanently
delete this message from your inbox. Thank you for your cooperation.
