Certificate Deploy - Evaluation
```powershell
<#
.SYNOPSIS
    Installs a certificate to the specified device-wide certificate store.
.DESCRIPTION
    To utilize this script, a "Payload" with the name defined in $certName variable below ( default: 'trusted.cer' ) must be attached to the configured Worklet policy.
.PARAMETER CertName
    Remediation Only
    [ string ] : Mandatory
    The name of the certificate file being deployed as a payload for installation to the specified CertStore.
    DEFAULT: 'trusted.cer'
.PARAMETER CertStore
    Evaluation & Remediation
    [ string ] : Mandatory
    The name of the certificate store to deploy the certificate to.
    OPTIONS: Too many to list, see PowerShell command output from "Get-ChildItem Cert:\".
    DEFAULT: Root, this corresponds to the 'Trusted Root Certification Authorities'.
.PARAMETER CertThumbprint
    Evaluation Only
    [ string ] : Optional
    The certificate thumbprint to look for when performing the device evaluation. IF LEFT BLANK, this policy will always trigger remediation.
.NOTES
    Author : Anthony Maxwell
    Date : 07/24/2023
#>

#########################################
# PARAMETERS

# define the certificate store to place this certificate in
# default is the 'Trusted Root Certification Authorities' store
$certStore = 'Root'

# define the certificate thumbprint
# used to evaluate if the certificate has already been installed and eliminate needless certificate installation
$certThumbprint = '3CF9BC20347CB8F7A7FA8882CBE8C177A8B4B524'

#########################################
# VARS

# assign default certThumbprint if blank
# this is required for Get-Item to produce an error
if ( !$certThumbprint ) { $certThumbprint = 'NULL' }

# assign default certstore if blank
if ( !$certStore ) { $certStore = 'Root' }

#########################################
# EVALUATION

try
{
    # attempt to retrieve the certificate by thumbprint
    Get-Item -Path "Cert:\LocalMachine\$certStore\$certThumbprint" -ErrorAction Stop | Out-Null
    Write-Output 'The certificate has already been installed, exiting.'
    exit 0
}
catch
{
    Write-Output 'The certificate is not present on this device, remediation required.'
    exit 1
}
```
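
The evaluation above treats any lookup failure as "not installed", so a thumbprint pasted with spaces or invisible characters would trigger remediation on every run. The following is an added example, not part of the original gist: a stricter evaluation that normalizes the thumbprint, reports a malformed value separately, and goes beyond the original by also checking the validity period. The function name `Test-CertificateDeployed`, its parameters and the sample input are hypothetical.

```powershell
# Added example (not the gist author's code). Names and sample input are hypothetical.
function Test-CertificateDeployed {
    param(
        [string] $Thumbprint,
        [string] $Store = 'Root',
        [string] $Location = 'LocalMachine'
    )

    # Thumbprints copied from a certificate dialog can carry spaces or
    # invisible Unicode formatting characters; keep hex digits only.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

    # A SHA-1 thumbprint is exactly 40 hex characters. Anything else can never
    # match a store entry, so report it instead of failing the lookup silently.
    if ($clean.Length -ne 40) {
        return [pscustomobject]@{ Compliant = $false; Reason = 'Thumbprint is not 40 hex characters' }
    }

    $path = "Cert:\$Location\$Store\$clean"
    if (-not (Test-Path -LiteralPath $path)) {
        return [pscustomobject]@{ Compliant = $false; Reason = "Not found in $Location\$Store" }
    }

    # Policy choice of this example: a certificate outside its validity
    # period is reported as non-compliant so the stale payload gets noticed.
    $cert = Get-Item -LiteralPath $path
    $now  = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        return [pscustomobject]@{ Compliant = $false; Reason = "Outside validity period (NotAfter $($cert.NotAfter))" }
    }

    return [pscustomobject]@{ Compliant = $true; Reason = "Present: $($cert.Subject)" }
}

# Constructed input: the thumbprint from the script above, lower-cased,
# space-separated and prefixed with a U+200E left-to-right mark.
$sample = "$([char]0x200E)3c f9 bc 20 34 7c b8 f7 a7 fa 88 82 cb e8 c1 77 a8 b4 b5 24"
$result = Test-CertificateDeployed -Thumbprint $sample -Store 'Root'
Write-Output $result.Reason
if ($result.Compliant) { exit 0 } else { exit 1 }
```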