by Trepidation at 2012-10-26 13:35:33
Hello,
Is it possible to view certificates on other computers through PowerShell? I know through the Certificates snap-in in MMC, I can browse other computers, but it is cumbersome and I’d like to be able to do them by list. I just want to see if they are present, nothing more.
The purpose of this is that I am autoenrolling certificates through AD. Results are usually pretty good, but I’d like to have a method to verify prior to deploying software that relies on it. Also, I’d like to be able to use it as part of a troubleshooting tool (ambitious one I am).
Anyways, a great big "HOWDY!" to everyone. I’ve been working with PowerShell for about 8 months now. The stuff I do is pretty Fisher-Price, but I’d like to add dimension to my capabilities.
by DonJ at 2012-10-26 13:41:13
Easy way would be to use Remoting. That’d give you access to the local machine’s CERT: drive very easily. That isn’t, necessarily, going to get you access to other users’ cert stores - it’d be the machine store, and your own personal store.
The Certificate PSProvider, as far as I’m aware, doesn’t support mapping to remote machines.
by Trepidation at 2012-10-26 15:54:55
Yeah, I’m looking for the equivalent to "cert:\LocalMachine\My" from another machine.
I’ve been looking into remote, but documentation seems a bit sketchy. I fear the GPO security hardenings applied put the clamp on connecting. I keep getting "The service is configured to not accept any remote shell requests." I run through the super simple instructions provided, but I am missing something.
So much for my magic bullet. My next step was to start playing with remote. We’ve just started using psexec for a few tools, and it gives me the willies.
Oh, looks like I found it: "allow remote shell access" disabled by GPO… time to email my security guys.
by DonJ at 2012-10-26 16:19:29
Secrets of PowerShell Remoting. Free on the Books tab here. Might help you at least verify your GPO suspicions. Worth revisiting that in your org - Remoting is not optional going forward. It’s the new management protocol.
by Trepidation at 2012-10-29 06:53:08
Yeah, you were a lot quicker than I expected anyone to be. I updated my post and hadn’t noticed you replied.
I found what I believe is the GPO block, "allow remote shell access". I could replicate the same error at home by changing the same option. Looks like I got my work cut out for me.
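Added example, not part of the original thread: one way to do the check discussed above, reading each machine's own Cert:\LocalMachine\My over Remoting for a list of computers and reporting whether a matching certificate is present. The function name, the computer names and the issuer string are hypothetical, and it assumes the autoenrolled certificates can be recognised by issuer name and that Remoting is allowed on the targets.

```powershell
# Added example. Function name, computer names and issuer string are placeholders.
function Test-RemoteMachineCertificate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string[]] $ComputerName,
        # Assumption: the autoenrolled certificates are recognised by issuer name.
        [Parameter(Mandatory)] [string]   $IssuerLike
    )

    # Runs on the remote machine, so Cert:\LocalMachine\My is that machine's store.
    $check = {
        param($IssuerLike)
        Get-ChildItem -Path Cert:\LocalMachine\My |
            Where-Object { $_.Issuer -like "*$IssuerLike*" } |
            Select-Object Subject, Thumbprint, NotAfter, HasPrivateKey
    }

    foreach ($computer in $ComputerName) {
        try {
            $certs = @(Invoke-Command -ComputerName $computer -ScriptBlock $check `
                          -ArgumentList $IssuerLike -ErrorAction Stop)
            # A certificate that is present but past NotAfter is reported separately.
            $valid = @($certs | Where-Object { $_.NotAfter -gt (Get-Date) })
            $status = if ($valid.Count -gt 0) { 'Present' } elseif ($certs.Count -gt 0) { 'Expired' } else { 'Missing' }
            [pscustomobject]@{
                ComputerName = $computer
                Status       = $status
                Thumbprint   = ($valid | ForEach-Object { $_.Thumbprint }) -join ','
                Detail       = $null
            }
        }
        catch {
            # Covers unreachable hosts and WinRM refusals such as the
            # "not accept any remote shell requests" error quoted in the thread.
            [pscustomobject]@{
                ComputerName = $computer
                Status       = 'RemotingFailed'
                Thumbprint   = $null
                Detail       = $_.Exception.Message
            }
        }
    }
}

# Constructed sample call; replace the names with real hosts and your CA's name.
Test-RemoteMachineCertificate -ComputerName 'PC01', 'PC02' -IssuerLike 'Example Issuing CA' |
    Format-Table -AutoSize
```

A 'RemotingFailed' row separates machines that could not be queried from machines where the certificate is actually missing, which matters when a GPO blocks remote shell access on only some hosts.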