none
EFS certificates template

    Question

  • I'm trying to come up with a script (probably a one liner) that can output the template that was used to create a certificate specifically. I have a site that want..to be able to report on their EFS certificates and which template was used 


    Steven

    Thursday, March 22, 2012 3:06 PM

Answers

  • certutil -view -restrict "disposition=20,CertificateTemplate=OID" -out "RequestID,RequesterName,CertificateTemplate,Issued Common Name,User Principal Name"

    You need to replace OID with the OID of the Basic EFS certificate template (You can get this from any Basic EFS certificate)

    Brian

    • Marked as answer by Bruce-Liu Thursday, March 29, 2012 2:14 AM
    Thursday, March 22, 2012 7:41 PM

All replies

  • What are you running the script against - The local user MY store or the CA database

    Brian

    Thursday, March 22, 2012 4:00 PM
  • for local stores you can use the following command: certutil -store -user my

    My weblog: http://en-us.sysadmins.lv
    PowerShell PKI Module: http://pspki.codeplex.com
    Windows PKI reference: on TechNet wiki

    Thursday, March 22, 2012 4:24 PM
  • Thanks.. the script needs to run against the CA database. My site in Japan want to be able to report their EFS certificates and which template was used as they have a number from India, which is incorrect.. so i was looking for a script that can output the template that was used to create a certificate specifically

    Steven

    Thursday, March 22, 2012 6:42 PM
  • certutil -view -restrict "disposition=20,CertificateTemplate=OID" -out "RequestID,RequesterName,CertificateTemplate,Issued Common Name,User Principal Name"

    You need to replace OID with the OID of the Basic EFS certificate template (You can get this from any Basic EFS certificate)

    Brian

    • Marked as answer by Bruce-Liu Thursday, March 29, 2012 2:14 AM
    Thursday, March 22, 2012 7:41 PM