SRP Certificate Rules

    Question

  • I have been using an SRP GPO with certificate rules for about a year, but I find that I need to add new certificate rules on a regular basis.  I've created a PowerShell script that can recurse through all the folders on a computer and extract the CER files from all the signed EXE, DLL, and MSI files on the system.  I've run this on a good cross section of my workstations and I have a pretty good list of about 300 CER files.  However, I'd now like to automate the creation of the certificate rules so that I don't have to import 300 files one-by-one.

    I've searched far and wide, but haven't found any automated, or scriptable, or non-tedious way of creating SRP certificate rules other than using the Group Policy Editor GUI.  Can anyone provide any hints or direction on how I might do this?

    Thank you.


    --Bill

    Monday, March 14, 2016 9:03 PM
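
The collection step described in the question, sketched as an added example (this is not the poster's script). It keeps only signatures that validate, exports each signer certificate once by thumbprint, and writes an inventory so every publisher can be reviewed before it becomes an SRP certificate rule. `$ScanRoot`, `$OutDir` and `inventory.csv` are assumed names.

```powershell
# Added example: collect unique signer certificates from signed files.
# $ScanRoot and $OutDir are assumed paths; adjust for your environment.
param(
    [string]$ScanRoot = 'C:\Program Files',
    [string]$OutDir   = 'C:\Temp\SrpCerts'
)

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$seen = @{}   # thumbprint -> inventory row, so each certificate is exported once

Get-ChildItem -Path $ScanRoot -Recurse -File -Include *.exe,*.dll,*.msi -ErrorAction SilentlyContinue |
ForEach-Object {
    $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName -ErrorAction SilentlyContinue
    # Skip unsigned files and signatures that fail validation
    if (-not $sig -or $sig.Status -ne 'Valid' -or -not $sig.SignerCertificate) { return }

    $cert = $sig.SignerCertificate
    if ($seen.ContainsKey($cert.Thumbprint)) {
        $seen[$cert.Thumbprint].FileCount++
        return
    }

    # Write the DER-encoded public certificate (no private key) as <thumbprint>.cer
    $cerPath = Join-Path $OutDir ($cert.Thumbprint + '.cer')
    $bytes = $cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
    [System.IO.File]::WriteAllBytes($cerPath, $bytes)

    $seen[$cert.Thumbprint] = [pscustomobject]@{
        Thumbprint = $cert.Thumbprint
        Subject    = $cert.Subject
        Issuer     = $cert.Issuer
        NotAfter   = $cert.NotAfter
        FirstSeen  = $_.FullName
        FileCount  = 1
    }
}

# Inventory for review: one row per distinct signer certificate
$seen.Values | Sort-Object Subject |
    Export-Csv -Path (Join-Path $OutDir 'inventory.csv') -NoTypeInformation
```

The inventory's `Subject`, `NotAfter` and `FileCount` columns make it easy to spot expired certificates or publishers that sign only a single file before any of them are trusted by rule.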

All replies

  • Hi,

    Thanks for your post.

    As far as I know, we cannot import all the *.cer files into an SRP GPO as certificate rules; we have to manually edit the SRP GPO and add the certificate rules by importing the *.cer files one at a time. I will be watching this requirement closely. If there is any update, I will let you know immediately. It would also be appreciated if the other members of our forum could share their experience with us about this scenario.

    Best Regards,

    Alvin Wang


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, March 15, 2016 2:45 AM
    Moderator
  • > As far as I know, we cannot import all the *.cer files into a SRP GPO as
     
    Microsoft cannot. SDM software possibly can:
     
    I'm not sure if GPAE supports public key policies, but it might be worth
    dropping Darren a short request :)
     
    Tuesday, March 15, 2016 8:56 AM
  • Since this is mostly a one-time thing, I decided to go with the lazy approach and carefully used a macro recorder to perform all the repetitive work of mouse-clicks and keyboard entry.  FWIW, I used "Asoftech Automation" to automate the creation of 374 certificate rules overnight.

    I can't really re-use the macro since it depends on all the windows on my screen being in the same place.  I'd much rather have a cleaner, reusable, PowerShell-based solution, but it doesn't look like PowerShell can handle GPO settings yet.

    Tuesday, March 15, 2016 9:12 PM
  • Hi,

    Thanks for kindly sharing, and sorry for the limited help on this case.

    If there is anything else we can do for you, please feel free to post in the forum.

    Best Regards,

    Alvin Wang



    Wednesday, March 16, 2016 2:45 AM
    Moderator