Powershell 吊销证书
Powershell Revoke Certificate
我想删除用户及其计算机的证书。
我试过:
Import-Module PSPKI
Import-Module ActiveDirectory
$RequesterNameComputer = "A\B$";
$RequesterNameUser = "A\C";
certutil -view -out "RequestID,SerialNumber,RequesterName,RequestType,NotAfter,CommonName" csv > "$env:TEMP\tempcerts.csv";
$Csv = Import-Csv -Path "$env:TEMP\tempcerts.csv";
$csv | Select-Object "requester name" | Group-Object -Property "requester name" | Sort-Object -Property count;
$computer = $csv | Where-Object {$_."requester name" -eq $RequesterNameComputer} | ?{$_."Certificate Template" -like "*PlaygroundComputer"};
$computer
$User = $csv | Where-Object {$_."requester name" -eq $RequesterNameUser} | ?{$_."Certificate Template" -like "*User"};
$User
我知道我必须使用 certutil -revoke
但不知道如何根据我的脚本调整它,以便它删除所有显示 $Computer 和 $User 的证书。
Import-Module PSPKI
Import-Module ActiveDirectory
$RequesterNameComputer = "A\B";
$RequesterNameUser = "A\C";
#certutil: display information about the digital certificates that are installed on a DirectAccess client, DirectAccess server, or intranet resource.
certutil -view -out "RequestID,SerialNumber,RequesterName,RequestType,NotAfter,CommonName,Certificate Template" csv > "$env:TEMP\tempcerts.csv";
$Csv = Import-Csv -Path "$env:TEMP\tempcerts.csv";
$csv | Select-Object "requester name" | Group-Object -Property "requester name" | Sort-Object -Property count;
$computer = $csv | Where-Object {$_."requester name" -eq $RequesterNameComputer} | ?{$_."Certificate Template" -like "*PlaygroundComputer"};
$computer
ForEach ($com in $computer){
certutil -revoke $com.'Serial Number' 5;
}
# certutil -installdefaulttemplates
$User = $csv | Where-Object {$_."requester name" -eq $RequesterNameUser} | ?{$_."Certificate Template" -like "*User"};
$User
foreach ($usr in $User){
certutil -revoke $usr.'Serial Number' 5;
}
Remove-Item -Path "$env:TEMP\tempcerts.csv" -Force;
我想删除用户及其计算机的证书。 我试过:
Import-Module PSPKI
Import-Module ActiveDirectory
$RequesterNameComputer = "A\B$";
$RequesterNameUser = "A\C";
certutil -view -out "RequestID,SerialNumber,RequesterName,RequestType,NotAfter,CommonName" csv > "$env:TEMP\tempcerts.csv";
$Csv = Import-Csv -Path "$env:TEMP\tempcerts.csv";
$csv | Select-Object "requester name" | Group-Object -Property "requester name" | Sort-Object -Property count;
$computer = $csv | Where-Object {$_."requester name" -eq $RequesterNameComputer} | ?{$_."Certificate Template" -like "*PlaygroundComputer"};
$computer
$User = $csv | Where-Object {$_."requester name" -eq $RequesterNameUser} | ?{$_."Certificate Template" -like "*User"};
$User
我知道我必须使用 certutil -revoke
但不知道如何根据我的脚本调整它,以便它删除所有显示 $Computer 和 $User 的证书。
Import-Module PSPKI
Import-Module ActiveDirectory
$RequesterNameComputer = "A\B";
$RequesterNameUser = "A\C";
#certutil: display information about the digital certificates that are installed on a DirectAccess client, DirectAccess server, or intranet resource.
certutil -view -out "RequestID,SerialNumber,RequesterName,RequestType,NotAfter,CommonName,Certificate Template" csv > "$env:TEMP\tempcerts.csv";
$Csv = Import-Csv -Path "$env:TEMP\tempcerts.csv";
$csv | Select-Object "requester name" | Group-Object -Property "requester name" | Sort-Object -Property count;
$computer = $csv | Where-Object {$_."requester name" -eq $RequesterNameComputer} | ?{$_."Certificate Template" -like "*PlaygroundComputer"};
$computer
ForEach ($com in $computer){
certutil -revoke $com.'Serial Number' 5;
}
# certutil -installdefaulttemplates
$User = $csv | Where-Object {$_."requester name" -eq $RequesterNameUser} | ?{$_."Certificate Template" -like "*User"};
$User
foreach ($usr in $User){
certutil -revoke $usr.'Serial Number' 5;
}
Remove-Item -Path "$env:TEMP\tempcerts.csv" -Force;