Author Posts

January 23, 2018 at 10:33 am

Hi there,

Can any one help me with the below script. I need to search the domain windows 7 systems and delete a old expired certificate from Trusted Root certification Authorities. But I get "The operation is on root store and UI is not allowed". I tried running it on my own system first and then make it part of the full script to run on the domain.

Invoke-command -computername ABS-T48911 {Remove-Item -Path Cert:\CurrentUser\Root\2810178e6f7b4bd31f42c0946e822d116b9a144e}
Clear-Host
# Grab an computer OU from AD and get the DistinguishedName as input for the SearchBase
# Filter for a OS type and get the NetBIOS name of the computers
$SearchBase = (Get-ADOrganizationalUnit -Filter *).DistinguishedName[48]

# Filter for a OS type and get the NetBIOS name of the computers
$TargetHosts = (Get-ADComputer -SearchBase $SearchBase -Filter {OperatingSystem -Like 'Windows 7 Enterprise'}).Name

ForEach ($TargetHost  in $TargetHosts )
{

Invoke-command -computername $TargetHost { Get-ChildItem Cert:\CurrentUser\Root\2810178e6f7b4bd31f42c0946e822d116b9a144e | Remove-Item }

}

January 23, 2018 at 10:39 am

Hi there,

Can anyone help me with the below script please.I want to find all windows 7 systems and delete a old expired certificate from Trusted Root Certification Authorities which causes issues. But when i tried to delete the certificate using invoke-command I get "The operation is on root store and UI is not allowed"

Invoke-command -computername ABS-T48911 {Remove-Item -Path Cert:\CurrentUser\Root\2810178e6f7b4bd31f42c0946e822d116b9a144e}
Clear-Host
# Grab an computer OU from AD and get the DistinguishedName as input for the SearchBase
# Filter for a OS type and get the NetBIOS name of the computers
$SearchBase = (Get-ADOrganizationalUnit -Filter *).DistinguishedName[48]

# Filter for a OS type and get the NetBIOS name of the computers
$TargetHosts = (Get-ADComputer -SearchBase $SearchBase -Filter {OperatingSystem -Like 'Windows 7 Enterprise'}).Name

ForEach ($TargetHost  in $TargetHosts )
{

Invoke-command -computername $TargetHost { Get-ChildItem Cert:\CurrentUser\Root\‎2810178e6f7b4bd31f42c0946e822d116b9a144e | Remove-Item }

}

January 24, 2018 at 1:33 pm

Anybody any ideas?