Certificate Deploy - Remediation
<#
.SYNOPSIS
    Installs a certificate to the specified device-wide certificate store.
.DESCRIPTION
    To utilize this script, a "Payload" with the name defined in the $certName variable below ( default: 'trusted.cer' ) must be attached to the configured Worklet policy.
.PARAMETER CertName
    Remediation Only
    [ string ] : Mandatory
    The name of the certificate file being deployed as a payload for installation to the specified CertStore.
    DEFAULT: 'trusted.cer'
.PARAMETER CertStore
    Evaluation & Remediation
    [ string ] : Mandatory
    The name of the certificate store to deploy the certificate to.
    OPTIONS: Too many to list, see PowerShell command output from "Get-ChildItem Cert:\".
    DEFAULT: Root, this corresponds to the 'Trusted Root Certification Authorities'.
.PARAMETER CertThumbprint
    Evaluation Only
    [ string ] : Optional
    The certificate thumbprint to look for when performing the device evaluation. IF LEFT BLANK, this policy will always trigger remediation.
.NOTES
    Author : Anthony Maxwell
    Date   : 07/24/2023
#>

#########################################
# PARAMETERS

# define the name of the certificate to be deployed
# this should MATCH the name of the certificate used in the Automox Console payload
$certName = 'trusted.cer'

# define the certificate store to place this certificate in
# default is the 'Trusted Root Certification Authorities' store
$certStore = 'Root'

#########################################
# VARS

# define cert path (payloads are expected in the current working directory)
$certPath = ".\$certName"

#########################################
# REMEDIATION

if ( Test-Path -Path $certPath -PathType Leaf )
{
    try
    {
        # import the certificate; -ErrorAction Stop makes any failure terminating so the catch block runs
        Import-Certificate -FilePath $certPath -CertStoreLocation "Cert:\LocalMachine\$certStore" -Confirm:$false -ErrorAction Stop | Out-Null
        Write-Output 'Certificate import completed successfully, exiting.'
        exit 0
    }
    catch
    {
        # include the underlying error so the failure reason appears in the policy output
        Write-Error "The certificate import failed, exiting. $($_.Exception.Message)"
        exit 1
    }
}
else
{
    Write-Error "Unable to detect certificate with name `"$certName`". Is a payload attached to the policy with this name?"
    exit 1
}
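The help block above describes an evaluation step that looks for `CertThumbprint` in `CertStore`, but only the remediation script is shown. The following is an added example of such an evaluation check, not code from the original gist or from Automox; the function name `Get-DeployedCert` is hypothetical, the expiry check goes beyond what the help text describes, and it assumes a non-zero exit code from evaluation is what triggers remediation.

```powershell
#########################################
# PARAMETERS (added example, not part of the original gist)

# must match the store used by the remediation script
$certStore = 'Root'

# placeholder: set to the expected thumbprint of the payload certificate
# left blank, evaluation always reports non-compliant, as the help text states
$certThumbprint = ''

#########################################
# EVALUATION

function Get-DeployedCert
{
    param(
        [Parameter(Mandatory)][string]$Store,
        [string]$Thumbprint
    )
    # strip spaces and hidden characters that often come along when a
    # thumbprint is copied out of the certificate properties dialog
    $normalized = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ( $normalized.Length -eq 0 ) { return $null }

    # -ErrorAction Stop surfaces a mistyped store name instead of silently returning nothing
    Get-ChildItem -Path "Cert:\LocalMachine\$Store" -ErrorAction Stop |
        Where-Object { $_.Thumbprint -eq $normalized } |
        Select-Object -First 1
}

try
{
    $cert = Get-DeployedCert -Store $certStore -Thumbprint $certThumbprint
}
catch
{
    Write-Error "Unable to read Cert:\LocalMachine\$certStore. $($_.Exception.Message)"
    exit 1
}

if ( -not $cert )
{
    Write-Output "No certificate with the expected thumbprint in '$certStore', remediation required."
    exit 1
}
if ( $cert.NotAfter -lt (Get-Date) )
{
    Write-Output "Certificate '$($cert.Subject)' expired on $($cert.NotAfter), remediation required."
    exit 1
}
Write-Output "Certificate '$($cert.Subject)' is present in '$certStore'."
exit 0
```

Pinning the thumbprint here also gives a record of which certificate was intended for the store, which matters when the target is `Root`: anything imported there is trusted device-wide.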