get-childitem and certs issue

Welcome Forums General PowerShell Q&A get-childitem and certs issue

This topic contains 18 replies, has 5 voices, and was last updated by

 
Participant
9 months, 2 weeks ago.

  • Author
    Posts
  • #92504

    Participant
    Points: 1
    Rank: Member

    im am having issues using the get-childitem command on certs and the -eku parmateter see below

    same issue if I use

    get-childitem -path cert:\currentuser -recurse -eku "*client*"
    or
    PS Cert:\> get-childitem -eku "*client*"
    Get-ChildItem : A parameter cannot be found that matches parameter name 'eku'.
    At line:1 char:15
    + get-childitem -eku "*client*"
    + ~~~~
    + CategoryInfo : InvalidArgument: (:) [Get-ChildItem], ParameterBindingException
    + FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.PowerShell.Commands.GetChildItemCommand

  • #92507
    Jon

    Participant
    Points: 23
    Rank: Member

    Get-Childitem

    -eku isn't an available parameter

  • #92510

    Participant
    Points: 0
    Rank: Member

    -Eku is a dynamic parameter that becomes available when you change to the cert: drive

    PS> Get-Command Get-ChildItem -Syntax
    
    Get-ChildItem [[-Path] ] [[-Filter] ] [-Include ] [-Exclude ] [-Recurse] [-Depth ] [-Force] [-Name] [-UseTransaction] [-Attributes ] [-Directory] [-File] [-Hidde
    n] [-ReadOnly] [-System] []
    
    Get-ChildItem [[-Filter] ] -LiteralPath  [-Include ] [-Exclude ] [-Recurse] [-Dept
    h ] [-Force] [-Name] [-UseTransaction] [-Attributes ] [-Directory] [-File] [-Hi
    dden] [-ReadOnly] [-System] []
    
    PS> cd cert:
    PS> Get-Command Get-ChildItem -Syntax
    
    Get-ChildItem [[-Path] ] [[-Filter] ] [-Include ] [-Exclude ] [-Recurse] [-Depth ] [-Force] [-Name] [-UseTransaction] [-CodeSigningCert] [-DocumentEncryptionCert] [-SSLServerAuthentication] [-Dn
    sName ] [-Eku ] [-ExpiringInDays ] []
    
    
    Get-ChildItem [[-Filter] ] -LiteralPath  [-Include ] [-Exclude ] [-Recurse] [-Dept
    h ] [-Force] [-Name] [-UseTransaction] [-CodeSigningCert] [-DocumentEncryptionCert] [-SSLServerAuthentication] [
    -DnsName ] [-Eku ] [-ExpiringInDays ] []
    

    so this will work

    PS> cd cert:
    PS> Get-ChildItem -Path .\\CurrentUser\ -Recurse -Eku 'client'
    

    or
    Get-ChildItem -Path /CurrentUser -Recurse -Eku 'client' is you don't use tab completion for the path

  • #92518

    Participant
    Points: 1
    Rank: Member

    Richard

    thanks tried both but same issue.

    PS Cert:\> PS Cert:\> Get-ChildItem -Path .\\CurrentUser\ -Recurse -Eku 'client'
    Get-Process : A positional parameter cannot be found that accepts argument 'Get-ChildItem'.
    At line:1 char:1
    + PS Cert:\> Get-ChildItem -Path .\\CurrentUser\ -Recurse -Eku 'client'
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidArgument: (:) [Get-Process], ParameterBindingException
    + FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.PowerShell.Commands.GetProcessCommand

    • #92543

      Participant
      Points: -19
      Rank: Member

      Could it be that you have a duplicated PS Cert:\> inserted to Powershell (copy paste error)?

  • #92548

    Participant
    Points: 1
    Rank: Member

    yes that was copy paste error but still same problem

    PS Cert:\> Get-ChildItem -Path .\\CurrentUser\ -Recurse -Eku "*Client*"
    Get-ChildItem : A parameter cannot be found that matches parameter name 'Eku'.
    At line:1 char:46
    + Get-ChildItem -Path .\\CurrentUser\ -Recurse -Eku "*Client*"
    + ~~~~
    + CategoryInfo : InvalidArgument: (:) [Get-ChildItem], ParameterBindingException
    + FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.PowerShell.Commands.GetChildItemCommand

    • #92551
      Jon

      Participant
      Points: 23
      Rank: Member

      What powershell version are you running?

      Can you tab out -eku?

  • #92555

    Participant
    Points: 1
    Rank: Member

    powershell 4

    and no -eku does not show up when I tab -recurse does but not -eku

    • #92557
      Jon

      Participant
      Points: 23
      Rank: Member

      Have you tried on any other machines? Are you sure it's version 4?

      PS 4.0 get-childitem cert this says it was introduced with v3.

  • #92560

    Participant
    Points: 1
    Rank: Member

    yes 3 pcs

    ps2, 3 and 4

    I expect it to fail on 2 but my laptop has 4 and gives same error

  • #92561
    Jon

    Participant
    Points: 23
    Rank: Member

    I think I may have found the issue, what OS are you running?

    It doesn't work on my Windows 7 or 2008R2 machines, even with PS 5.1 however on my 2012R2 boxes it's fine, I noticed this on the documentation page:

    The new dynamic parameters work in Windows PowerShell 3.0 and newer releases of Windows PowerShell, running on Windows 8, Windows Server 2012 and newer releases of the Windows operating system.

  • #92563

    Participant
    Points: 0
    Rank: Member

    My machine has v5.1 which works as I described above. It doesn't work on v6 though

    get-help certificate

    shows this under dynamic parameters

            Cmdlets Supported: Get-ChildItem
    
        -EKU 
            Gets certificates that have the specified text or text pattern in the EnhancedKeyUsageList property of the
            certificate. Wildcard characters (*) are permitted. The EnhancedKeyUsageList property contains the friendly
            name and the OID fields of the EKU.
    
            Because certificates that have an empty EnhancedKeyUsageList can be used for all purposes, all EKU searches
            return certificates that have an empty EnhancedKeyUsageList property value.
    
            This parameter is valid in all subdirectories of the Certificate provider, but it is effective only on
            certificates.
    
            This parameter was introduced in Windows PowerShell 3.0.
    

    It should work. Do you have admin privileges on the machine on which you're trying this?

  • #92566

    Participant
    Points: 1
    Rank: Member

    Yes I have admin rights

    But when I push this most users wont but they are deleting the cert from currentuser I hope that will work

    • #92567
      Jon

      Participant
      Points: 23
      Rank: Member

      What OS?

  • #92570

    Participant
    Points: 1
    Rank: Member

    win7 32 and 64bit

    • #92573
      Jon

      Participant
      Points: 23
      Rank: Member

      See my above post about the Win7 environment.

  • #92578

    Participant
    Points: 1
    Rank: Member

    Sorry Jon I didn't see that post.

    so any ideas how in win 7 I can search for a cert using anything like the EKU?

    I need to remove a cert on many pc's all with different Thumbprints

  • #92630

    Participant
    Points: 206
    Helping Hand
    Rank: Participant

    Finding about to expire certificates the PowerShell 2.0 way

    If you are using Windows PowerShell 2.0 (or if you just like to type), you can still find certificates that are about to expire by using the Get-ChildItem cmdlet on your Cert: PSDrive, and then piping the results to the Where-Object.

    'blogs.technet.microsoft.com/heyscriptingguy/2013/03/05/use-powershell-to-find-certificates-that-are-about-to-expire'

    Filtering on the Certificate Provider

        ## Get-CertificateByEku.ps1 
        param($ekuName = $(throw "Please specify the friendly name of an Enhanced Key Usage (such as 'Code Signing'")) 
    
        foreach($cert in Get-ChildItem cert:\CurrentUser\My) { 
           foreach($extension in $cert.Extensions) 
           { 
               foreach($certEku in $extension.EnhancedKeyUsages) 
               { 
                   if($certEku.FriendlyName -eq $ekuName) 
                   { 
                       $cert 
                   } 
               } 
           } 
        }
    

    'leeholmes.com/blog/2007/01/09/filtering-on-the-certificate-provider'

  • #92683

    Participant
    Points: 1
    Rank: Member

    Thanks guys. I found the same article last night and I am testing that code on the older win 7 / POSH V2 pc's today

    I'll report back

The topic ‘get-childitem and certs issue’ is closed to new replies.