Delete Certificate from Remote Computer using Powershell script

  • Question

  • Hi,

    Please help in deleting a certificate from a remote computer's certificate store.

    The issue here is that ChildItem is fetching all the certificate thumbprints irrespective of the input that I have given in $txt_CertName.

    I tried the PowerShell script below:

    #
    
    $computers=$InputBox.lines.Split("`n")
    foreach($computer in $computers)
    {
        try {
            # $txt_CertName is a local variable; it is not defined inside the remote scriptblock
            $cert = Invoke-Command -ComputerName $computer {Get-ChildItem Cert:\LocalMachine\MY | Where-Object {$_.subject -like "*$txt_CertName*" -AND $_.Subject -notmatch "CN=$env:COMPUTERNAME"}}
            $thumbprint = $cert.Thumbprint.ToString()
            # Test-Path and Remove-Item run on the local computer here, not on $computer
            If (Test-Path -Path "$computer\Cert:\LocalMachine\My\$thumbprint")
            {
                Remove-Item -Path Cert:\LocalMachine\My\$thumbprint -DeleteKey
            }
        }
        catch {
            Write-Warning "Failed on ${computer}: $_"
        }
    }
    Tuesday, March 27, 2018 5:47 PM

Answers

  • First, you need to use the help system to read and understand Invoke-Command and scriptblocks.

    Get-Help Invoke-Command -Full will do that for you.

    Once you have read it, you will understand the updated code below.

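    $Computers = $InputBox.lines.Split("`n")

    Invoke-Command -ComputerName $Computers {
        Param($Txt_CertName)
        # Runs on each remote computer; $env:COMPUTERNAME is the remote machine's name
        Get-ChildItem Cert:\LocalMachine\MY |
            Where-Object { ($_.Subject -like "*$Txt_CertName*") -AND ($_.Subject -notmatch "CN=$env:COMPUTERNAME") } |
            Remove-Item -Verbose
    } -ArgumentList $txt_CertName   # the local variable from the question, bound to Param() above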

    You have to use Param() and pass values to the scriptblock to make them available inside the scriptblock. Moreover, Invoke-Command will accept an array of computer names.

    So I would suggest you read the help for Invoke-Command.


    Regards kvprasoon


    Tuesday, March 27, 2018 6:17 PM
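
A more defensive variant of the accepted answer, added here as an example and not code from the thread: when the name filter arrives empty (the symptom in the question), "*$Txt_CertName*" becomes "**" and matches every certificate, so piping straight into Remove-Item would empty the store. The function name Remove-RemoteCertificate and its parameter names are assumptions; it rejects empty or wildcard-only filters, lists matches first, and deletes by exact thumbprint with -WhatIf/-Confirm support.

```powershell
# Added example; Remove-RemoteCertificate and its parameter names are hypothetical.
function Remove-RemoteCertificate {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        # Require at least one character that is not whitespace or a wildcard,
        # so the filter can never collapse to "**" and match every certificate.
        [Parameter(Mandatory)][ValidatePattern('[^\s*?]')][string]$SubjectLike
    )

    # Textbox lines split on "`n" can keep a trailing "`r"; trim and drop blanks.
    $targets = $ComputerName | ForEach-Object { $_.Trim() } | Where-Object { $_ }

    # Step 1: list matches on each remote computer. Nothing is deleted here.
    $found = Invoke-Command -ComputerName $targets -ErrorAction Continue -ScriptBlock {
        param($Pattern)
        Get-ChildItem Cert:\LocalMachine\My |
            Where-Object { ($_.Subject -like "*$Pattern*") -and
                           ($_.Subject -notmatch "CN=$env:COMPUTERNAME") } |
            Select-Object Thumbprint, Subject, NotAfter
    } -ArgumentList $SubjectLike

    foreach ($c in $found) {
        # Remoting adds PSComputerName to every object it returns.
        $target = "$($c.PSComputerName): $($c.Subject) [$($c.Thumbprint)]"
        if ($PSCmdlet.ShouldProcess($target, 'Remove certificate and private key')) {
            # Step 2: delete by exact thumbprint, so only reviewed items go.
            Invoke-Command -ComputerName $c.PSComputerName -ScriptBlock {
                param($Thumbprint)
                Remove-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -DeleteKey -Verbose
            } -ArgumentList $c.Thumbprint
        }
    }

    $found   # return what matched, so the caller can log it
}

# Preview only, using the variables from the question:
# Remove-RemoteCertificate -ComputerName $InputBox.lines.Split("`n") -SubjectLike $txt_CertName -WhatIf
```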

All replies

  • Hi Pavan,

    I think you're having an issue with the parameters here. Are you invoking the command in this format?

    $command = { Get-EventLog -log "Windows PowerShell" | where {$_.Message -like "*certificate*"} }
    Invoke-Command -ComputerName S1, S2 -ScriptBlock $command

    Regards

    Simon



    • Edited by Simon.Rech Tuesday, March 27, 2018 6:21 PM
    Tuesday, March 27, 2018 6:06 PM
  • Hi Simon,

    Yes.

    Tuesday, March 27, 2018 6:37 PM
  • Hi Prasoon,

    Thanks for the help.

    Tuesday, March 27, 2018 6:44 PM