Viewing certificates on another computer

by Trepidation at 2012-10-26 13:35:33


Is it possible to view certificates on other computers through powershell? I know through the certificates snap-in in MMC, I can browse other computers, but it is cumbersome and I’d like to be able to do them by list. I just want to see if they are present, nothing more.

The purpose of this, is that I am autoenrolling certificates through AD. Results are usually pretty good, but I’d like to have a method to verify prior to deploying software that relies on it. Also, I’d like to be able to use it as part of a troubleshooting tool (ambitious one I am).

Anyways, a great big “HOWDY!” to everyone. I’ve been working with powershell for about 8 months now. The stuff I do is pretty fisher price, but I’d like to add dimension to my capabilities.
by DonJ at 2012-10-26 13:41:13
Easy way would be to use Remoting. That’d give you access to the local machine’s CERT: drive very easily. That isn’t, necessarily, going to get you access to other users’ cert stores - it’d be the machine store, and your own personal store.

The Certificate PSProvider, as far as I’m aware, doesn’t support mapping to remote machines.
by Trepidation at 2012-10-26 15:54:55
yeah, I’m looking for the equivalent to “cert:\LocalMachine\My” from another machine

I’ve been looking into remote, but documentation seems a bit sketchy. I fear the GPO security hardenings applied put the clamp on connecting. I keep getting “The service is configured to not accept any remote shell requests.” I run through the super simple instructions provided, but I am missing something.

So much for my magic bullet. My next step was to start playing with remote. We’ve just started using psexec for a few tools, and it gives me the willies.

Oh, looks like I found it “allow remote shell access” disabled by GPO… time to email my security guys.
by DonJ at 2012-10-26 16:19:29
Secrets of PowerShell Remoting. Free on the Books tab here. Might help you at least verify your GPO suspicions. Worth revisiting that in your org - Remoting is not optional going forward. It’s the new management protocol.
by Trepidation at 2012-10-29 06:53:08
yeah, you were a lot quicker than I expected anyone to be. I updated my post and hadn’t noticed you replied.

I found what I believe is the GPO block, “allow remote shell access”. I could replicate the same error at home by changing the same option. Looks like I got my work cut out for me.