Introducing: Certificate Management Toolkit

Published by Popovici Ioan · Jan 28, 2023 · 3 mins read

Quick Summary

There are plenty of options for managing certificates, such as GPOs, Configuration Manager Certificate Profiles or Intune.
The main advantage of the method used by this toolkit is that it doesn’t require a payload when installing a certificate: the certificate travels inside the script as a base64 string.

Notes

For additional features, please submit a pull request or open an issue here.

Prerequisites


Recommendations

  • When selecting a certificate with a configuration baseline, use -Summarization On to simplify the detection rule.
  • When adding a certificate with a configuration baseline, the remediation script can be optional if you add the script as a detection script.

Select Certificate Explained

Gets the details of a specific certificate using the certificate Serial Number, Subject or by matching a custom Filter.
The StoreLocation and StoreName also need to be specified.

Filter

Certificate identifiers together with the PowerShell logical operators can be used for matching specific values.

Available values for Filter

  • EnhancedKeyUsageList
  • DnsNameList
  • FriendlyName
  • NotAfter
  • NotBefore
  • HasPrivateKey
  • SerialNumber
  • Thumbprint
  • Version
  • Issuer
  • Subject
  • TemplateOID

## Filter Example
"Issuer -like '*IssuerName*' -and Subject -match '$Env:ComputerName' -or Thumbprint -eq '5DA5BAA64650769F1279BF4CF80532AFB471CA7A'"

Notes

Single quotes need to be used when specifying the certificate identifiers!
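
The script further down this page turns the filter string into a script block with [scriptblock]::Create, so whatever the string contains runs as PowerShell. The following added example (not the toolkit's code; Resolve-CertificateFilter, its operator list and the sample objects are assumptions) resolves a filter the same way but refuses any token that is not a documented identifier, an operator, a boolean constant or a single-quoted literal:

```powershell
## Added example, not part of the toolkit. Resolve-CertificateFilter is a hypothetical helper.
Function Resolve-CertificateFilter {
    [CmdletBinding()]
    [OutputType([scriptblock])]
    Param (
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [string]$Filter
    )

    ## Identifiers documented for the Filter parameter. TemplateOID is left out because
    ## the toolkit resolves it with a store lookup instead of a property comparison.
    [string[]]$ValidIdentifiers = @('EnhancedKeyUsageList', 'DnsNameList', 'FriendlyName', 'NotAfter', 'NotBefore',
        'HasPrivateKey', 'SerialNumber', 'Thumbprint', 'Version', 'Issuer', 'Subject')

    ## Assumption: a conservative operator subset, enough for the documented filter examples
    [string[]]$ValidOperators = @('-eq', '-ne', '-like', '-notlike', '-match', '-notmatch', '-and', '-or')
    [string[]]$ValidConstants = @('$true', '$false')

    ## A literal is a single-quoted string without any embedded quote.
    ## PowerShell also accepts the typographic quotes U+2018..U+201B as string delimiters, so they are excluded too.
    [string]$Literal = "'[^'\u2018-\u201B]*'"

    ## Tokenize: quoted literals stay whole (they may contain spaces), everything else splits on whitespace
    [string[]]$Tokens = [regex]::Matches($Filter, "$Literal|\S+") | ForEach-Object { $PSItem.Value }

    ## Resolve each token or stop on the first one that is not on an allow-list
    [string[]]$Resolved = ForEach ($Token in $Tokens) {
        If     ($ValidIdentifiers -contains $Token) { '$PSItem.' + $Token }
        ElseIf ($ValidOperators   -contains $Token) { $Token }
        ElseIf ($ValidConstants   -contains $Token) { $Token }
        ElseIf ($Token -match "\A$Literal\z")       { $Token }
        Else   { Throw "Filter token not allowed: $Token" }
    }

    [scriptblock]::Create($Resolved -join ' ')
}

## Constructed sample objects standing in for certificates read from a store
$ConstructedCertificates = @(
    [pscustomobject]@{ Subject = 'CN=PC01.corp.example'; Issuer = 'CN=Example Issuing CA 01'; HasPrivateKey = $true  }
    [pscustomobject]@{ Subject = 'CN=PC02.corp.example'; Issuer = 'CN=Example Issuing CA 01'; HasPrivateKey = $true  }
    [pscustomobject]@{ Subject = 'CN=PC01.corp.example'; Issuer = 'CN=Other CA';              HasPrivateKey = $false }
)

## Resolve a filter written with single-quoted values and apply it to the sample objects
$FilterScript = Resolve-CertificateFilter -Filter "Subject -match 'PC01' -and Issuer -like '*Issuing CA*' -and HasPrivateKey -eq `$true"
$ConstructedCertificates | Where-Object -FilterScript $FilterScript

## An unquoted value is neither identifier, operator, constant nor literal, so it is refused
Try   { Resolve-CertificateFilter -Filter 'Subject -match $Env:ComputerName' }
Catch { Write-Warning -Message $PSItem.Exception.Message }
```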

Store Location

The certificate store location is used to select which store to perform the search in.

Available values for StoreLocation

  • CurrentUser
  • LocalMachine

Store Name

The certificate store name that can be specified depends on the StoreLocation parameter and selects which store to perform the search in.

Available values for CurrentUser

  • ACRS
  • SmartCardRoot
  • Root
  • Trust
  • AuthRoot
  • CA
  • UserDS
  • Disallowed
  • My
  • TrustedPeople
  • TrustedPublisher
  • ClientAuthIssuer

Available values for LocalMachine

  • TrustedPublisher
  • ClientAuthIssuer
  • Remote Desktop
  • Root
  • TrustedDevices
  • WebHosting
  • CA
  • WSUS
  • Request
  • AuthRoot
  • TrustedPeople
  • My
  • SmartCardRoot
  • Trust
  • Disallowed
  • SMS

Summarization

Specifies if the output should be summarized or not. This is useful in a configuration baseline.

Available values for Summarization

  • On returns Compliant or Non-Compliant.
  • Off returns certificate info or error.

Select Certificate Parameters

  • Subject
    Specifies the Subject of the certificate to be selected.

  • SerialNumber
    Specifies the Serial Number of the certificate to be selected.

  • Filter
    Specify the filter to use when searching for the certificate.

  • StoreLocation
    Specifies the Certificate Store Location to search.

    Default is: LocalMachine

  • StoreName
    Specifies the Certificate Store Names to search.

    Default is: My

  • Summarization
    Specifies if the output should be summarized or not.

    Default is: On.

Notes

Serial Number, Subject and Filter parameters are mutually exclusive.


Add Certificate Explained

CertificateBase64

Adds a certificate to a specific certificate store using the certificate base64 key.
No other payload is needed.

## Convert certificate key in base64 format
[System.Convert]::ToBase64String($(Get-Content -Path .\Certificate.cer -Encoding Byte))

Notes

See Store Location and Store parameter explanation.

Add Certificate Parameters

  • CertificateBase64
    Specifies the certificate key in base64 string format.

  • StoreLocation
    Specifies the Certificate Store Location to search.

    Default is: LocalMachine

  • StoreName
    Specifies the Certificate Store Names to search.

    Default is: My
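
Because the base64 string is the entire trust input, it is worth decoding it and checking what it contains before it goes into a store such as Root. The following is an added example, not the toolkit's Add-Certificate code; Test-CertificateBase64 and its output properties are hypothetical, the sample certificate is generated in memory, and CertificateRequest is assumed to be available (.NET Framework 4.7.2 or later, or PowerShell 7):

```powershell
## Added example, not the toolkit's code. Test-CertificateBase64 is a hypothetical helper.
Function Test-CertificateBase64 {
    [CmdletBinding()]
    Param (
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [string]$CertificateBase64,
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [string]$ExpectedThumbprint
    )

    ## A multi-line base64 string contains line breaks and indentation that must be removed before decoding
    [byte[]]$RawData = [System.Convert]::FromBase64String(($CertificateBase64 -replace '\s', ''))
    $Certificate = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($RawData)

    ## Normalize the pinned value: thumbprints copied from a dialog often carry spaces or invisible characters
    [string]$PinnedThumbprint = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    [datetime]$Now = Get-Date

    [pscustomobject]@{
        Subject         = $Certificate.Subject
        Issuer          = $Certificate.Issuer
        Thumbprint      = $Certificate.Thumbprint
        NotAfter        = $Certificate.NotAfter
        ThumbprintMatch = ($Certificate.Thumbprint -eq $PinnedThumbprint)
        WithinValidity  = (($Now -ge $Certificate.NotBefore) -and ($Now -le $Certificate.NotAfter))
        PublicKeyOnly   = (-not $Certificate.HasPrivateKey)
    }
}

## Constructed sample: a throwaway self-signed certificate created in memory, nothing is written to any store
$Rsa = [System.Security.Cryptography.RSA]::Create(2048)
$Request = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new('CN=Constructed Example Root', $Rsa, [System.Security.Cryptography.HashAlgorithmName]::SHA256, [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$Sample = $Request.CreateSelfSigned([System.DateTimeOffset]::Now.AddDays(-1), [System.DateTimeOffset]::Now.AddDays(30))

## Same encoding as the conversion command above, taken from the in-memory certificate instead of a .cer file
$SampleBase64 = [System.Convert]::ToBase64String($Sample.RawData)

## The pin must come from a trusted source (here: the sample itself); the second call uses a deliberately wrong pin
$Good = Test-CertificateBase64 -CertificateBase64 $SampleBase64 -ExpectedThumbprint $Sample.Thumbprint
$Bad  = Test-CertificateBase64 -CertificateBase64 $SampleBase64 -ExpectedThumbprint ('0' * 40)

ForEach ($Check in $Good, $Bad) {
    If ($Check.ThumbprintMatch -and $Check.WithinValidity -and $Check.PublicKeyOnly) {
        ## Only at this point would the string be handed to the add script's CertificateBase64 parameter
        Write-Output -InputObject "OK to install: $($Check.Subject) [$($Check.Thumbprint)]"
    }
    Else {
        Write-Warning -Message "Refusing to install: $($Check.Subject) [$($Check.Thumbprint)]"
    }
}

$Rsa.Dispose()
```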


Code

Select Certificate

<#
.SYNOPSIS
    Gets the details of a specific certificate.
.DESCRIPTION
    Gets the details of a specific certificate using the certificate 'Serial Number', 'Subject' or a Filter.
.PARAMETER Subject
    Specifies the Subject of the certificate to be selected.
.PARAMETER SerialNumber
    Specifies the Serial Number of the certificate to be selected.
.PARAMETER Filter
    Specify the filter to use when searching for the certificate. !! You need to use single quotes to specify the filter parameters !!
    Valid Filter Parameters:
        'EnhancedKeyUsageList'
        'DnsNameList'
        'FriendlyName'
        'NotAfter'
        'NotBefore'
        'HasPrivateKey'
        'SerialNumber'
        'Thumbprint'
        'Version'
        'Issuer'
        'Subject'
        'TemplateOID'
    Valid Filter Syntax:
        "Issuer -like '*IssuerName*' -and Subject -match '$Env:ComputerName' -or Thumbprint -eq '5DA5BAA64650769F1279BF4CF80532AFB471CA7A'"
.PARAMETER StoreLocation
    Specifies the Certificate Store Location to search. Default is: 'LocalMachine'.
    Available Values:
        'CurrentUser'
        'LocalMachine'
.PARAMETER StoreName
    Specifies the Certificate Store Names to search. Default is: 'My'.
    Available Values for CurrentUser:
        'ACRS'
        'SmartCardRoot'
        'Root'
        'Trust'
        'AuthRoot'
        'CA'
        'UserDS'
        'Disallowed'
        'My'
        'TrustedPeople'
        'TrustedPublisher'
        'ClientAuthIssuer'
    Available Values for LocalMachine:
        'TrustedPublisher'
        'ClientAuthIssuer'
        'Remote Desktop'
        'Root'
        'TrustedDevices'
        'WebHosting'
        'CA'
        'WSUS'
        'Request'
        'AuthRoot'
        'TrustedPeople'
        'My'
        'SmartCardRoot'
        'Trust'
        'Disallowed'
        'SMS'
.PARAMETER Summarization
    Specifies the Usage of the script.
    Summarization On is used to return 'Compliant'/'Non-Compliant'.
    Summarization Off is used to return certificate info or error. Default is: 'On'.
    Available Values:
        'On'
        'Off'
.EXAMPLE
    Select-Certificate.ps1 -SerialNumber '61ec50244f40eeba74eba0d889eb37667' -StoreName "'TrustedPublisher','Root'"
.EXAMPLE
    [hashtable]$ScriptParameters = @{
        Filter         = "Subject -match '$Env:ComputerName' -and Issuer -match 'SomeCA' -and TemplateOID -eq '1.3.6.1.4.1.311.21.8.15345926.10523111.1328283.12369231.6977377.105.13507483.11294707'"
        StoreLocation  = "LocalMachine"
        StoreName      = "My"
        Summarization  = "Off"
    }
    Select-Certificate.ps1 @ScriptParameters
.NOTES
    Created by Ioan Popovici
.LINK
    https://MEMZ.one/PSCertificateManagementToolKit-CREDIT (FTW)
.LINK
    https://MEMZ.one/PSCertificateManagementToolKit
.LINK
    https://MEMZ.one/PSCertificateManagementToolKit-CHANGELOG
.LINK
    https://MEMZ.one/PSCertificateManagementToolKit-GIT
.LINK
    https://MEM.Zone/ISSUES
.COMPONENT
    Certificate Store
.FUNCTIONALITY
    Select certificate
#>

##*=============================================
##* VARIABLE DECLARATION
##*=============================================
#region VariableDeclaration

## Set script requirements
#Requires -Version 3.0

<#
#region Comment section if using inline variables
[CmdletBinding()]
Param (
    [Parameter(Mandatory=$true,ParameterSetName='Subject',Position=1)]
    [ValidateNotNullorEmpty()]
    [Alias('Subject')]
    [string]$SubjectName,
    [Parameter(Mandatory=$true,ParameterSetName='Serial',Position=1)]
    [ValidateNotNullorEmpty()]
    [Alias('Serial')]
    [string]$SerialNumber,
    [Parameter(Mandatory=$true,ParameterSetName='Filter',Position=1)]
    [ValidateNotNullorEmpty()]
    [Alias('Search')]
    [string]$Filter,
    [Parameter(Mandatory=$false,ParameterSetName='Subject',Position=2)]
    [Parameter(Mandatory=$false,ParameterSetName='Serial',Position=2)]
    [Parameter(Mandatory=$false,ParameterSetName='Filter',Position=2)]
    [ValidateSet('CurrentUser','LocalMachine')]
    [Alias('Location')]
    [string]$StoreLocation = "LocalMachine",
    [Parameter(Mandatory=$false,ParameterSetName='Subject',Position=3)]
    [Parameter(Mandatory=$false,ParameterSetName='Serial',Position=3)]
    [Parameter(Mandatory=$false,ParameterSetName='Filter',Position=3)]
    ## Store names for CurrentUser and LocalMachine combined in one ValidateSet
    [ValidateSet('ACRS','SmartCardRoot','Root','Trust','AuthRoot','CA','UserDS','Disallowed','My','TrustedPeople','TrustedPublisher','ClientAuthIssuer','Remote Desktop','TrustedDevices','WebHosting','WSUS','Request','SMS')]
    [Alias('Store')]
    [string[]]$StoreName = "My",
    [Parameter(Mandatory=$false,ParameterSetName='Subject',Position=4)]
    [Parameter(Mandatory=$false,ParameterSetName='Serial',Position=4)]
    [Parameter(Mandatory=$false,ParameterSetName='Filter',Position=4)]
    [ValidateSet('On','Off')]
    [Alias('Summ')]
    [string]$Summarization = "On"
)
#endregion
#>

#region uncomment section if using inline variables, add keys and values
[CmdletBinding()]
Param ()
[hashtable]$ScriptParameters = @{
    Filter         = "Subject -match '$Env:ComputerName' -and Issuer -match 'adidas G2 Sub CA 01' -and TemplateOID -eq '1.3.6.1.4.1.311.21.8.15345926.10523111.1328283.12369231.6977377.105.13507483.11294707'"
    StoreLocation  = "LocalMachine"
    StoreName      = "My"
    Summarization  = "Off"
}

## For testing purposes
#$VerbosePreference = 'Continue'
#endregion

#endregion
##*=============================================
##* END VARIABLE DECLARATION
##*=============================================

##*=============================================
##* FUNCTION LISTINGS
##*=============================================
#region FunctionListings

#region Function Format-Spacer
Function Format-Spacer {
<#
.SYNOPSIS
    Adds padding before and after the specified variable.
.DESCRIPTION
    Adds padding before and after the specified variable to make it more visible.
.PARAMETER Message
    Specifies input message for this function.
.PARAMETER Type
    Specifies message output type.
.PARAMETER AddEmptyRow
    Specifies to add empty row before, after or both before and after the output.
.EXAMPLE
    Format-Spacer -Message $SomeVariable -AddEmptyRow 'Before'
.INPUTS
    System.String
.OUTPUTS
    System.String
.NOTES
    Created by Ioan Popovici
    2021-03-31 v1.0.0
    This is an internal script function and should typically not be called directly.
    Thanks @chrisdent from windadmins for fixing my regex :)
.LINK
    https://MEM.Zone
.LINK
    https://MEM.Zone/GIT
.LINK
    https://MEM.Zone/ISSUES
.COMPONENT
    Console
.FUNCTIONALITY
    Format Output
#>
    [CmdletBinding()]
    Param (
        [Parameter(Mandatory=$true,ValueFromPipeline,HelpMessage='Specify input:',Position=0)]
        [ValidateNotNullorEmpty()]
        [Alias('Variable')]
        [string]$Message,
        [Parameter(Mandatory=$false,Position=1)]
        [ValidateSet('Console','Verbose')]
        [string]$Type = 'Console',
        [Parameter(Mandatory=$false,Position=2)]
        [ValidateSet('No','Before','After','BeforeAndAfter')]
        [string]$AddEmptyRow = 'No'
    )
    Begin {

        ## Set variables
        [string]$Padding = '#========================================#'
    }
    Process {
        Try {

            ## Trim start/end spaces
            [string]$MessageTrimmed = $Message.TrimStart().TrimEnd()

            ## Calculate the numbers of padding characters to remove
            [int]$RemoveRight = [math]::Floor($MessageTrimmed.Length / 2)
            [int]$RemoveLeft  = [math]::Ceiling($MessageTrimmed.Length / 2)

            ## Remove padding characters
            [string]$PaddingRight = $Padding -replace "(?<=#)={$RemoveRight}"
            [string]$PaddingLeft  = $Padding -replace "(?<=#)={$RemoveLeft}"

            ## Add empty rows to the output
            Switch ($AddEmptyRow) {
                'Before' { If ($Type -ne 'Verbose') { $PaddingRight = -join ("`n", $PaddingRight) } }
                'After'  { If ($Type -ne 'Verbose') { $PaddingLeft  = -join ($PaddingLeft, "`n" ) } }
                #  Second case was a duplicate 'After' label, it handles 'BeforeAndAfter'
                'BeforeAndAfter' { If ($Type -ne 'Verbose') {
                    $PaddingRight = -join ("`n", $PaddingRight)
                    $PaddingLeft  = -join ($PaddingLeft, "`n" ) }
                }
                Default  {}
            }

            ## Assemble result
            [string]$Result = -join ($PaddingRight, ' ', $MessageTrimmed, ' ', $PaddingLeft)
        }
        Catch {
            $PSCmdlet.ThrowTerminatingError($PSItem)
        }
        Finally {

            ## Write to console
            If ($Type -eq 'Console') { Write-Output -InputObject $Result }

            ## Write verbose and add empty rows if specified
            Else {
                If ($AddEmptyRow -eq 'Before' -or $AddEmptyRow -eq 'BeforeAndAfter') { Write-Verbose -Message '' }
                Write-Verbose -Message $Result
                If ($AddEmptyRow -eq 'After' -or $AddEmptyRow -eq 'BeforeAndAfter') { Write-Verbose -Message '' }
            }
        }
    }
    End {
    }
}
#endregion

#region Function Select-Certificate
Function Select-Certificate {
<#
.SYNOPSIS
    Gets the details of a specific certificate.
.DESCRIPTION
    Gets the details of a specific certificate using the certificate 'Serial Number', 'Subject' or a Filter.
.PARAMETER Subject
    Specifies the Subject of the certificate to be selected.
.PARAMETER SerialNumber
    Specifies the Serial Number of the certificate to be selected.
.PARAMETER Filter
    Specify the filter to use when searching for the certificate. !! You need to use single quotes to specify the filter parameters !!
    Valid Filter Parameters:
        'EnhancedKeyUsageList'
        'DnsNameList'
        'FriendlyName'
        'NotAfter'
        'NotBefore'
        'HasPrivateKey'
        'SerialNumber'
        'Thumbprint'
        'Version'
        'Issuer'
        'Subject'
        'TemplateOID'
    Valid Filter Syntax:
        "Issuer -like '*IssuerName*' -and Subject -match '$Env:ComputerName' -or Thumbprint -eq '5DA5BAA64650769F1279BF4CF80532AFB471CA7A'"
.PARAMETER StoreLocation
    Specifies the Certificate Store Location to search. Default is: 'LocalMachine'.
    Available Values:
        'CurrentUser'
        'LocalMachine'
.PARAMETER StoreName
    Specifies the Certificate Store Names to search. Default is: 'My'.
    Available Values for CurrentUser:
        'ACRS'
        'SmartCardRoot'
        'Root'
        'Trust'
        'AuthRoot'
        'CA'
        'UserDS'
        'Disallowed'
        'My'
        'TrustedPeople'
        'TrustedPublisher'
        'ClientAuthIssuer'
    Available Values for LocalMachine:
        'TrustedPublisher'
        'ClientAuthIssuer'
        'Remote Desktop'
        'Root'
        'TrustedDevices'
        'WebHosting'
        'CA'
        'WSUS'
        'Request'
        'AuthRoot'
        'TrustedPeople'
        'My'
        'SmartCardRoot'
        'Trust'
        'Disallowed'
        'SMS'
.EXAMPLE
    Select-Certificate.ps1 -SerialNumber '61ec50244f40eeba74eba0d889eb37667' -StoreName "'TrustedPublisher','Root'"
.EXAMPLE
    [hashtable]$ScriptParameters = @{
        Filter         = "Subject -match '$Env:ComputerName' -and Issuer -match 'SomeCA' -and TemplateOID -eq '1.3.6.1.4.1.311.21.8.15345926.10523111.1328283.12369231.6977377.105.13507483.11294707'"
        StoreLocation  = "LocalMachine"
        StoreName      = "My"
        Summarization  = "Off"
    }
    Select-Certificate.ps1 @ScriptParameters
.NOTES
    This is an internal script function and should typically not be called directly.
.LINK
    https://MEM.Zone/GIT
.LINK
    https://MEM.Zone/ISSUES
#>
    [CmdletBinding()]
    Param (
        [Parameter(Mandatory=$true,ParameterSetName='Subject',Position=1)]
        [ValidateNotNullorEmpty()]
        [Alias('Subject')]
        [string]$SubjectName,
        [Parameter(Mandatory=$true,ParameterSetName='Serial',Position=1)]
        [ValidateNotNullorEmpty()]
        [Alias('Serial')]
        [string]$SerialNumber,
        [Parameter(Mandatory=$true,ParameterSetName='Filter',Position=1)]
        [ValidateNotNullorEmpty()]
        [Alias('Search')]
        [string]$Filter,
        [Parameter(Mandatory=$false,ParameterSetName='Subject',Position=2)]
        [Parameter(Mandatory=$false,ParameterSetName='Serial',Position=2)]
        [Parameter(Mandatory=$false,ParameterSetName='Filter',Position=2)]
        [ValidateSet('CurrentUser','LocalMachine')]
        [Alias('Location')]
        [string]$StoreLocation = 'LocalMachine',
        [Parameter(Mandatory=$false,ParameterSetName='Subject',Position=3)]
        [Parameter(Mandatory=$false,ParameterSetName='Serial',Position=3)]
        [Parameter(Mandatory=$false,ParameterSetName='Filter',Position=3)]
        ## Store names for CurrentUser and LocalMachine combined in one ValidateSet
        [ValidateSet('ACRS','SmartCardRoot','Root','Trust','AuthRoot','CA','UserDS','Disallowed','My','TrustedPeople','TrustedPublisher','ClientAuthIssuer','Remote Desktop','TrustedDevices','WebHosting','WSUS','Request','SMS')]
        [Alias('Store')]
        [string]$StoreName = 'My'
    )
    Begin {

        ## Set valid filter parameters
        [string[]]$ValidParameters = @('EnhancedKeyUsageList', 'DnsNameList', 'FriendlyName', 'NotAfter', 'NotBefore', 'HasPrivateKey', 'SerialNumber', 'Thumbprint', 'Version', 'Issuer', 'Subject', 'TemplateOID')

        ## Cleanup serial number
        If ($SerialNumber) { $SerialNumber = $SerialNumber -replace '\s','' }

        Try {
            ## Create certificate store object
            $CertificateStore = New-Object System.Security.Cryptography.X509Certificates.X509Store $StoreName, $StoreLocation -ErrorAction 'Stop'

            ## Open the certificate store as ReadOnly
            $CertificateStore.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
        }
        Catch {
            $PSCmdlet.ThrowTerminatingError($PSItem)
        }
    }
    Process {
        Try {

            ## Set filter depending on the parameter set
            If ($($PSCmdlet.ParameterSetName) -eq 'Subject') { [string]$FilterResolved = '$PSItem.Subject -eq $SubjectName' }
            If ($($PSCmdlet.ParameterSetName) -eq 'Serial')  { [string]$FilterResolved = '$PSItem.SerialNumber -eq $SerialNumber' }

            ## Build filter by prefixing each valid parameter with '$PSItem.' and then converting the output to a scriptblock.
            #  If 'TemplateOID' is specified, we check if it matches the certificate's template and return the OID for matching with the 'TemplateOID' parameter value.
            If ($($PSCmdlet.ParameterSetName) -eq 'Filter')  {
                #  Split filter into individual items (on spaces)
                [string[]]$FilterParameters = $Filter.Split(' ')
                Write-Debug -Message "-- Filter Items -- `n$($FilterParameters -join "`n")"
                #  Check for valid parameters
                [string]$FilterResolved = $(
                    ForEach ($Parameter in $FilterParameters) {
                        #  Prefix parameters with '$PSItem.'
                        If ($Parameter -in $ValidParameters) {
                            #  Check if the parameter is 'TemplateOID' and if so, check if it matches the certificate's Template OID
                            If ($Parameter -eq 'TemplateOID') {
                                #  Extract the template value from the filter
                                [regex]$Pattern = "(?:Template)[^']*.([^']*)"
                                [string]$TemplateOID = ($Filter | Select-String -Pattern $Pattern).Matches.Groups[1].Value
                                #  Build the certificate matching query. This should return the OID of matching certificates.
                                [string]$GetCertificateTemplate = '$(If ($PsItem.Thumbprint -in $($CertificateStore.Certificates.Find(9, $TemplateOID, $false).ThumbPrint)) { $TemplateOID } Else { $null })'
                                $Parameter.Replace($Parameter, $($GetCertificateTemplate))
                            }
                            Else { $Parameter.Replace($Parameter, ('$PsItem.' + $Parameter)) }
                        }
                        #  If the item is not in the valid parameter list, it's probably not a parameter, so just return it so it can be used in the filter.
                        Else { $Parameter }
                    }
                #  Join the filter items back together into a single string
                ) -join ' '
            }

            ## Convert the resolved filter to a scriptblock. Note that we are changing the $Filter variable type from string to scriptblock.
            [scriptblock]$Filter = [scriptblock]::Create($FilterResolved)
            Write-Verbose -Message "-- Filter Resolved -- `n$FilterResolved"

            ## Get the certificate details by running the Filter script block
            $SelectCertificate = $CertificateStore.Certificates | Where-Object { $(&$Filter) } | Select-Object -Property 'EnhancedKeyUsageList', 'DnsNameList', 'FriendlyName', 'NotAfter', 'NotBefore', 'HasPrivateKey', 'SerialNumber', 'Thumbprint', 'Version', 'Issuer', 'Subject'

            ## Add the store name (the function's own parameter, not the caller's loop variable)
            $SelectCertificate | Add-Member -MemberType 'NoteProperty' -Name 'Store' -Value $StoreName -ErrorAction 'SilentlyContinue'

            ## Return certificate details or a 'Certificate Selection - Failed!' string if the certificate does not exist
            If (-not $SelectCertificate) { $SelectCertificate = 'Certificate Selection - Failed!' }
        }
        Catch {
            $PSCmdlet.ThrowTerminatingError($PSItem)
        }
        Finally {
            Write-Output -InputObject $SelectCertificate
        }
    }
    End {
        $CertificateStore.Close()
    }
}
#endregion

#endregion
##*=============================================
##* END FUNCTION LISTINGS
##*=============================================

##*=============================================
##* SCRIPT BODY
##*=============================================
#region ScriptBody

Try {

    ## Select parameters to use
    If ($PSBoundParameters.Count -ne 0) { $ScriptParameters = $PSBoundParameters }

    ## Set default Summarization to 'On' for inline parameters else set specified value
    If ([string]::IsNullOrEmpty($ScriptParameters.Summarization)) { $Summarization = 'On' } Else { $Summarization = $ScriptParameters.Summarization }

    ## Remove the Summarization parameter from the parameters list so it doesn't get passed to the Select-Certificate function
    $null = $ScriptParameters.Remove('Summarization')

    ## Write verbose status
    Format-Spacer -Message "Starting Search" -Type 'Verbose' -AddEmptyRow 'After'

    ## Cycle specified certificate stores
    $Result = ForEach ($Store in $ScriptParameters.StoreName) {

        ## Set the invoke parameter set to the current store
        $InvokeParameters = $ScriptParameters
        $InvokeParameters['StoreName'] = $Store
        Write-Verbose -Message "-- Invoke parameters -- `n$($InvokeParameters | Out-String)"

        ## Get the certificate details and add the store name to the result object
        Write-Verbose "Searching $Store Store..."
        Select-Certificate @InvokeParameters
    }

    ## Workaround for MEMCM Compliance Rule limitation. The remediation checkbox shows up only if 'Equals' rule is specified.
    [string]$ResultString = $Result | Out-String

    ## Check if we have a valid result and set result accordingly
    If (-not [string]::IsNullOrEmpty($ResultString) -and $ResultString -notmatch 'Failed') {
        #  Return 'Compliant'
        If ($Summarization -eq 'On') { $Result = 'Compliant' }
    }
    Else {
        #  Return 'Non-Compliant'
        If ($Summarization -eq 'On') { $Result = 'Non-Compliant' }
    }
}
Catch {
    Throw $PSItem
}
Finally {

    ## Return the result
    Write-Output -InputObject $Result
    Format-Spacer -Message "Operation Completed" -Type 'Verbose' -AddEmptyRow 'Before'
}

#endregion
##*=============================================
##* END SCRIPT BODY
##*=============================================

Add Certificate

  1<#
  2.SYNOPSIS
  3    Adds a certificate to the certificate store.
  4.DESCRIPTION
    Adds a certificate to the certificate store using the certificate base64 key.
.PARAMETER CertificateBase64
    The certificate in base64 string format.
    Convert the certificate to base64 string using the following command:
    [System.Convert]::ToBase64String($(Get-Content -Path .\Certificate.cer -Encoding Byte))
.PARAMETER StoreLocation
    Specifies the Certificate Store Location to search. Default is: 'LocalMachine'.
    Available Values:
        'CurrentUser'
        'LocalMachine'
.PARAMETER StoreName
    Specifies the Certificate Store Names to search. Default is: 'Root'.
    Available Values for CurrentUser:
        'ACRS'
        'SmartCardRoot'
        'Root'
        'Trust'
        'AuthRoot'
        'CA'
        'UserDS'
        'Disallowed'
        'My'
        'TrustedPeople'
        'TrustedPublisher'
        'ClientAuthIssuer'
    Available Values for LocalMachine:
        'TrustedPublisher'
        'ClientAuthIssuer'
        'Remote Desktop'
        'Root'
        'TrustedDevices'
        'WebHosting'
        'CA'
        'WSUS'
        'Request'
        'AuthRoot'
        'TrustedPeople'
        'My'
        'SmartCardRoot'
        'Trust'
        'Disallowed'
        'SMS'
.EXAMPLE
    [string]$CertificateBase64 = '
        MIIC7TCCAdWgAwIBAgIQYexQKvQO66dOug2InrN2ZzANBgkqhkiG9w0BAQsFADAm
        xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
        xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
        xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
        xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
        xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
        xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
        xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
        xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
        xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
        xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
        xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
        xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
        xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
        xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
        R1TFx1baj97rlziBt2XVZYG9tEFpPxRPD4A5FjRCix/Q
    '
    Add-Certificate -CertificateBase64 $CertificateBase64 -StoreLocation 'LocalMachine' -StoreName 'Root'
.INPUTS
    None.
.OUTPUTS
    System.String.
.NOTES
    Created by Ioan Popovici
.LINK
    https://MEMZ.one/PSCertificateManagementToolKit-CREDIT (FTW)
.LINK
    https://MEMZ.one/PSCertificateManagementToolKit
.LINK
    https://MEMZ.one/PSCertificateManagementToolKit-CHANGELOG
.LINK
    https://MEMZ.one/PSCertificateManagementToolKit-GIT
.LINK
    https://MEM.Zone/ISSUES
.COMPONENT
    Certificate Store
.FUNCTIONALITY
    Add certificate
#>

## Set script requirements (the [Type]::new() syntax used below needs PowerShell 5.0 or later)
#Requires -Version 5.0

<#
#region Comment section if using inline variables
[CmdletBinding()]
Param (
    [Parameter(Mandatory = $true, HelpMessage = 'Certificate Key in Base64 Format', Position = 1)]
    [ValidateNotNullorEmpty()]
    [Alias('CertificateString')]
    [string]$CertificateBase64,
    [Parameter(Mandatory = $false, HelpMessage = 'Certificate Store Location', Position = 2)]
    [ValidateSet('CurrentUser','LocalMachine')]
    [Alias('Location')]
    [string]$StoreLocation = 'LocalMachine',
    [Parameter(Mandatory = $false, HelpMessage = 'Certificate Store Name', Position = 3)]
    ## Single set holding the CurrentUser and LocalMachine store names (two ValidateSet attributes would only accept names present in both)
    [ValidateSet('ACRS','SmartCardRoot','Root','Trust','AuthRoot','CA','UserDS','Disallowed','My','TrustedPeople','TrustedPublisher','ClientAuthIssuer','Remote Desktop','TrustedDevices','WebHosting','WSUS','Request','SMS')]
    [Alias('Store')]
    [string[]]$StoreName = 'Root'
)
#endregion
#>
112
113##*=============================================
114##* VARIABLE DECLARATION
115##*=============================================
116#region VariableDeclaration
117
118## Inline variables, comment section if using parameters
119[string]$CertificateBase64 =
120@'
121    MIIC7TCCAdWgAwIBAgIQYexQKvQO66dOug2InrN2ZzANBgkqhkiG9w0BAQsFADAm
122    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
123    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
124    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
125    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
126    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
127    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
128    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
129    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
130    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
131    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
132    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
133    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
134    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
135    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
136    R1TFx1baj97rlziBt2XVZYG9tEFpPxRPD4A5FjRCix/Q
137'@
138[string]$StoreLocation = 'LocalMachine'
139[string[]]$StoreName = 'Root'
140
141## Initialize variables
142$Output = @()
143
144#endregion
145##*=============================================
146##* END VARIABLE DECLARATION
147##*=============================================
148
##*=============================================
##* FUNCTION LISTINGS
##*=============================================
#region FunctionListings

#region Function Add-Certificate
Function Add-Certificate {
<#
.EXAMPLE
    [string]$CertificateBase64 = '
        MIIC7TCCAdWgAwIBAgIQYexQKvQO66dOug2InrN2ZzANBgkqhkiG9w0BAQsFADAm
        xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
        xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
        xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
        xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
        xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
        xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
        xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
        xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
        xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
        xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
        xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
        xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
        xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
        xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
        R1TFx1baj97rlziBt2XVZYG9tEFpPxRPD4A5FjRCix/Q
    '
    Add-Certificate -CertificateBase64 $CertificateBase64 -StoreLocation 'LocalMachine' -StoreName 'Root'
.INPUTS
    None.
.OUTPUTS
    System.String.
.NOTES
    This is an internal script function and should typically not be called directly.
.LINK
    https://MEM.Zone/GIT
.LINK
    https://MEM.Zone/ISSUES
#>
    [CmdletBinding()]
    Param (
        [Parameter(Mandatory = $true, HelpMessage = 'Certificate Key in Base64 Format', Position = 1)]
        [ValidateNotNullorEmpty()]
        [Alias('CertificateString')]
        [string]$CertificateBase64,
        [Parameter(Mandatory = $false, HelpMessage = 'Certificate Store Location', Position = 2)]
        [ValidateSet('CurrentUser','LocalMachine')]
        [Alias('Location')]
        [string]$StoreLocation = 'LocalMachine',
        [Parameter(Mandatory = $false, HelpMessage = 'Certificate Store Name', Position = 3)]
        ## Single set holding the CurrentUser and LocalMachine store names (two ValidateSet attributes would only accept names present in both)
        [ValidateSet('ACRS','SmartCardRoot','Root','Trust','AuthRoot','CA','UserDS','Disallowed','My','TrustedPeople','TrustedPublisher','ClientAuthIssuer','Remote Desktop','TrustedDevices','WebHosting','WSUS','Request','SMS')]
        [Alias('Store')]
        [string]$StoreName = 'Root'
    )

    ## Convert the base64 string
    [byte[]]$ByteArray = [System.Convert]::FromBase64String($CertificateBase64)

    ## Create the new certificate object from the decoded bytes (Import() throws on PowerShell 7, where certificate objects are immutable)
    $Certificate = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ByteArray)

    ## Create certificate store object
    $CertificateStore = [System.Security.Cryptography.X509Certificates.X509Store]::new($StoreName, $StoreLocation)

    Try {

        ## Open the certificate store as Read/Write
        $CertificateStore.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)

        ## Add the certificate to the store
        $CertificateStore.Add($Certificate)
    }
    Finally {

        ## Close the certificate store, even if opening or adding failed
        $CertificateStore.Close()
    }
}
#endregion

#endregion
##*=============================================
##* END FUNCTION LISTINGS
##*=============================================

##*=============================================
##* SCRIPT BODY
##*=============================================
#region ScriptBody

## Cycle specified certificate stores and add the specified certificate
ForEach ($Store in $StoreName) {
    Try {

        ## Add the certificate to the specified store in the specified location
        Add-Certificate -CertificateBase64 $CertificateBase64 -StoreLocation $StoreLocation -StoreName $Store -ErrorAction 'Stop'
        #  Add OutputProps to Output
        $Output += [psobject]@{
            'Store' = $Store
            'Status'  = 'Add Certificate - Success!'
        }
    }
    Catch {

        ## Assemble error message
        $ErrorProps = [hashtable]@{
            'Store' = $Store
            'Status'  = 'Add Certificate - Failed!'
            'Error' = $PsItem.Exception.Message
        }

        ## Add ErrorMessage hash table to the output object
        $Output += [psobject]$ErrorProps

        ## Return custom error. The error handling is done here in order not to break the ForEach loop and allow it to continue.
        ## Write-Error is used because $PSCmdlet is not available when the script runs with inline variables, and a terminating error would stop the loop.
        $Exception     = [System.Exception]::new("Error Adding Certificate! $($PsItem.Exception.Message)")
        $ExceptionType = [System.Management.Automation.ErrorCategory]::OperationStopped
        $ErrorRecord   = [System.Management.Automation.ErrorRecord]::new($Exception, $PsItem.FullyQualifiedErrorId, $ExceptionType, $ErrorProps)
        Write-Error -ErrorRecord $ErrorRecord
    }
    Finally {
        Write-Output -InputObject $($Output | Format-Table -HideTableHeaders | Out-String)
    }
}

#endregion
##*=============================================
##* END SCRIPT BODY
##*=============================================
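
The script adds whatever certificate the base64 string decodes to, so it is worth checking the payload before it reaches a store such as 'Root'. The following is an added example, not part of the original script: `Test-CertificateBeforeTrust` and its `-ExpectedSha256` parameter are hypothetical names, and the sample certificate is constructed in memory (this part needs .NET Framework 4.7.2 or later, or PowerShell 7).

```powershell
# Added example (not the author's code): checks to run before a certificate is added to a store.
# Test-CertificateBeforeTrust and -ExpectedSha256 are hypothetical names introduced here.
Function Test-CertificateBeforeTrust {
    [CmdletBinding()]
    Param (
        [Parameter(Mandatory = $true)][string]$CertificateBase64,
        [Parameter(Mandatory = $true)][string]$ExpectedSha256,
        [ValidateSet('CurrentUser','LocalMachine')][string]$StoreLocation = 'LocalMachine',
        [string]$StoreName = 'Root'
    )
    ## Decode the payload; malformed base64 or DER throws here, before any store is touched
    [byte[]]$Bytes = [System.Convert]::FromBase64String(($CertificateBase64 -replace '\s', ''))
    $Certificate = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($Bytes)

    ## SHA-256 over the DER bytes, compared with a fingerprint obtained out of band
    $Sha256 = [System.Security.Cryptography.SHA256]::Create()
    Try { $Fingerprint = [System.BitConverter]::ToString($Sha256.ComputeHash($Certificate.RawData)) -replace '-', '' }
    Finally { $Sha256.Dispose() }
    $Pin = ($ExpectedSha256 -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

    ## Look for the same certificate in the target store, opened read-only
    $Store = [System.Security.Cryptography.X509Certificates.X509Store]::new($StoreName, $StoreLocation)
    Try {
        $Store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
        $Found = $Store.Certificates.Find([System.Security.Cryptography.X509Certificates.X509FindType]::FindByThumbprint, $Certificate.Thumbprint, $false)
    }
    Finally { $Store.Close() }

    $Now = Get-Date
    [pscustomobject]@{
        Subject        = $Certificate.Subject
        Sha256         = $Fingerprint
        PinMatch       = ($Fingerprint -eq $Pin)
        WithinValidity = ($Now -ge $Certificate.NotBefore -and $Now -le $Certificate.NotAfter)
        AlreadyInStore = ($Found.Count -gt 0)
    }
}

## Constructed sample input: a throwaway self-signed certificate generated in memory
$Rsa = [System.Security.Cryptography.RSA]::Create(2048)
$Request = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new('CN=Constructed Sample Root', $Rsa, [System.Security.Cryptography.HashAlgorithmName]::SHA256, [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$Sample = $Request.CreateSelfSigned([System.DateTimeOffset]::UtcNow.AddDays(-1), [System.DateTimeOffset]::UtcNow.AddDays(30))
$SampleBase64 = [System.Convert]::ToBase64String($Sample.RawData)
$SamplePin = [System.BitConverter]::ToString([System.Security.Cryptography.SHA256]::Create().ComputeHash($Sample.RawData))

## First call uses the matching fingerprint, second call a wrong one (all zeros)
Test-CertificateBeforeTrust -CertificateBase64 $SampleBase64 -ExpectedSha256 $SamplePin
Test-CertificateBeforeTrust -CertificateBase64 $SampleBase64 -ExpectedSha256 ('00' * 32)
```

In a deployment the expected fingerprint comes from the certificate's issuer through a separate channel, not from the same package that carries the base64 string.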
