Viewing certificates on another computer

This topic contains 0 replies, has 1 voice, and was last updated by  Forums Archives 5 years, 9 months ago.

  • Author
    Posts
  • #5235

    by Trepidation at 2012-10-26 13:35:33

    Hello,

    Is it possible to view certificates on other computers through powershell? I know through the certificates snap-in in MMC, I can browse other computers, but it is cumbersome and I'd like to be able to do them by list. I just want to see if they are present, nothing more.

    The purpose of this, is that I am autoenrolling certificates through AD. Results are usually pretty good, but I'd like to have a method to verify prior to deploying software that relies on it. Also, I'd like to be able to use it as part of a troubleshooting tool (ambitious one I am).

    Anyways, a great big "HOWDY!" to everyone. I've been working with powershell for about 8 months now. The stuff I do is pretty fisher price, but I'd like to add dimension to my capabilities.

    by DonJ at 2012-10-26 13:41:13

    Easy way would be to use Remoting. That'd give you access to the local machine's CERT: drive very easily. That isn't, necessarily, going to get you access to other users' cert stores – it'd be the machine store, and your own personal store.

    The Certificate PSProvider, as far as I'm aware, doesn't support mapping to remote machines.

    by Trepidation at 2012-10-26 15:54:55

    yeah, I'm looking for the equivalent to "cert:\LocalMachine\My" from another machine

    I've been looking into remote, but documentation seems a bit sketchy. I fear the GPO security hardenings applied put the clamp on connecting. I keep getting "The service is configured to not accept any remote shell requests." I run through the super simple instructions provided, but I am missing something.

    So much for my magic bullet. My next step was to start playing with remote. We've just started using psexec for a few tools, and it gives me the willies.

    Oh, looks like I found it "allow remote shell access" disabled by GPO... time to email my security guys.

    by DonJ at 2012-10-26 16:19:29

    Secrets of PowerShell Remoting. Free on the Books tab here. Might help you at least verify your GPO suspicions. Worth revisiting that in your org – Remoting is not optional going forward. It's the new management protocol.

    by Trepidation at 2012-10-29 06:53:08

    yeah, you were a lot quicker than I expected anyone to be. I updated my post and hadn't noticed you replied.

    I found what I believe is the GPO block, "allow remote shell access". I could replicate the same error at home by changing the same option. Looks like I got my work cut out for me.

You must be logged in to reply to this topic.