Hi,
I´m trying to inventory certificates from around a 1000 computers. Afterwards I need to delete a certificate which is enrolled from a specific CA.
How would you run the below, this works good locally on my machine;
Invoke-Command -ScriptBlock {get-childitem cert:\LocalMachine\My | ft -property issuer, thumbprint, NotAfter}
I have tested Enter-PSSession but that allows for only one connection as I understand it.
WinRM should be enabled on all computers. Can this be an option?
It would be easy if I could run it using psexec.exe and call powershell.exe, I tested the below but where is a pop if I run it locally, the output running it remotely is just "certutil exited on machine1 with error code 0"
psexec -i -s \\machine1 -u corp\myusername -p mypassword certutil -store MY
also tested -viewstore instead of -store.
I have tested numerous psexec command, I also tried starting powershell and running the invoke-command, also get-childitem or dir cert:\
For the user certificates some stuff works, computer certificates which I want seem to be really tricky and since I´m also very new to scripting it makes it even harder. Think I spent a few days on this now and I´m stuck!
These command also works locally but not remote,
get-item cert:\\LocalMachine\\My\\* | foreach { echo $_.subject, $_.issuer, $_.thumbprint, $_.notafter, $_.subject }
or
get-childitem cert:\LocalMachine\My -recurse | select Issuer,Subject,Thumbprint
or
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store("\\Machine1\My","LocalMachine")
$store.Open("ReadOnly")
$store.Certificates
Regards
Niklas
