Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
#Import certificate to local machine personal folder
$root = Set-Location -PassThru $PSScriptRoot
$cert = Get-ChildItem -Path $root | where {$_.Extension -like "*.pfx"}
$PlainTextPass = Read-Host -Prompt "Type .pfx password for '$cert' certificate"
$pfxpass = $PlainTextPass | ConvertTo-SecureString -AsPlainText -Force
$cert = $cert | Import-PfxCertificate -CertStoreLocation Cert:\LocalMachine\My -Exportable -Password $pfxpass
Write-Host "Certificate is imported"
#Grant permission to selected account on private key and MachineKeys folder
$fileName = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
$path = "$env:ALLUSERSPROFILE\Microsoft\Crypto\RSA\MachineKeys\$fileName"
function SetPermissions([string[]]$accountNames)
{
$acl = Get-Acl -Path $path
# Add the new user and preserve all current permissions: SetAccessRuleProtection(False, X)
# Add the new user and remove all inherited permissions: SetAccessRuleProtection(True, False)
# Add the new user and convert all inherited permissions to explicit permissions: SetAccessRuleProtection(True, True)
$acl.SetAccessRuleProtection($True, $False)
foreach ($accountName in $accountNames) {
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($accountName,"Full","Allow")
$acl.AddAccessRule($rule)
}
Set-Acl -Path $path -AclObject $acl
Write-Host "Access to certificate is granted for $accountNames"
}
SetPermissions(@(
"me@sergeytihon.com",
"you@sergeytihon.com"
))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment