Tags: powershell, pki, certificate-authority

Powershell Revoke Certificate


I want to remove the Certificate for a user and his computer. I have tried:

Import-Module PSPKI
Import-Module ActiveDirectory

$RequesterNameComputer = "A\B$";
$RequesterNameUser = "A\C"; 

certutil -view -out "RequestID,SerialNumber,RequesterName,RequestType,NotAfter,CommonName" csv > "$env:TEMP\tempcerts.csv";

$Csv = Import-Csv -Path "$env:TEMP\tempcerts.csv";
$csv | Select-Object "requester name" | Group-Object -Property "requester name" | Sort-Object -Property count;

$computer = $csv | Where-Object {$_."requester name" -eq $RequesterNameComputer} | ?{$_."Certificate Template" -like "*PlaygroundComputer"}; 
$computer

$User = $csv | Where-Object {$_."requester name" -eq $RequesterNameUser} | ?{$_."Certificate Template" -like "*User"};
$User

I know I have to use certutil -revoke but do not know how to adjust it to my script so that it deletes all the certificates that show up in $Computer and $User.


Solution

Import-Module PSPKI
Import-Module ActiveDirectory

$RequesterNameComputer = "A\B";
$RequesterNameUser = "A\C";

# certutil -view dumps the CA database; -out selects the columns and "csv" sets the output format.
# "Certificate Template" is included so the filters below have a column to match against.
certutil -view -out "RequestID,SerialNumber,RequesterName,RequestType,NotAfter,CommonName,Certificate Template" csv > "$env:TEMP\tempcerts.csv";

$Csv = Import-Csv -Path "$env:TEMP\tempcerts.csv";
$csv | Select-Object "requester name" | Group-Object -Property "requester name" | Sort-Object -Property count;

$computer = $csv | Where-Object {$_."requester name" -eq $RequesterNameComputer} | ?{$_."Certificate Template" -like "*PlaygroundComputer"};
$computer

# Revoke each matching computer certificate by serial number; 5 = CRL reason "cessation of operation".
ForEach ($com in $computer){
    certutil -revoke $com.'Serial Number' 5;
}

# certutil -installdefaulttemplates
$User = $csv | Where-Object {$_."requester name" -eq $RequesterNameUser} | ?{$_."Certificate Template" -like "*User"};
$User

# Same for the user certificates.
foreach ($usr in $User){
    certutil -revoke $usr.'Serial Number' 5;
}

Remove-Item -Path "$env:TEMP\tempcerts.csv" -Force;
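The answer above revokes whatever the filters return, with no dry run and no check that certutil succeeded. The following is an added example, not part of the question or the answer, that wraps the same certutil -view / certutil -revoke steps in a function supporting -WhatIf and -Confirm, restricts the database view to issued certificates (Disposition=20) so already-revoked rows are not revoked again, checks certutil's exit code, and optionally publishes a new CRL afterwards. The function and parameter names are this example's own; the requester value "A\C" and the "*User" template pattern come from the thread; the column display names other than those on the page ("Request ID", "Issued Common Name", "Certificate Expiration Date") are assumed to match certutil's csv headers and should be checked against the exported file first.

```powershell
# Added example (not from the original question or answer): safer wrapper around
# certutil -view / certutil -revoke. Function and parameter names are assumptions.
function Revoke-IssuedCertificate {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        # Requester exactly as the CA recorded it, e.g. "A\C" for a user or "A\B$" for a computer
        [Parameter(Mandatory)] [string] $RequesterName,
        # Template display-name pattern, e.g. "*User" or "*PlaygroundComputer"
        [Parameter(Mandatory)] [string] $TemplatePattern,
        # CRL reason code handed to certutil -revoke: 5 = cessation of operation (as in the
        # answer), 1 = key compromise, 4 = superseded, 6 = certificate hold
        [int] $Reason = 5,
        # Publish a fresh CRL once revocations are done
        [switch] $PublishCrl
    )

    $csvPath = Join-Path $env:TEMP ("revoke-{0}.csv" -f [guid]::NewGuid())
    try {
        # Disposition=20 limits the view to issued certificates; revoked (21), pending and
        # denied requests are excluded before any filtering happens.
        certutil -view -restrict "Disposition=20" `
            -out "RequestID,SerialNumber,RequesterName,NotAfter,CommonName,Certificate Template" csv |
            Out-File -FilePath $csvPath
        if ($LASTEXITCODE -ne 0) { throw "certutil -view failed with exit code $LASTEXITCODE" }

        $targets = Import-Csv -Path $csvPath |
            Where-Object { $_.'Requester Name' -eq $RequesterName -and
                           $_.'Certificate Template' -like $TemplatePattern }

        if (-not $targets) {
            Write-Warning "No issued certificates for '$RequesterName' matching '$TemplatePattern'."
            return
        }

        foreach ($row in $targets) {
            $serial = $row.'Serial Number'
            $desc = "{0} (serial {1}, template {2}, expires {3})" -f `
                $row.'Issued Common Name', $serial, $row.'Certificate Template', $row.'Certificate Expiration Date'

            # -WhatIf only prints the plan; ConfirmImpact=High prompts unless -Confirm:$false is given
            if ($PSCmdlet.ShouldProcess($desc, "Revoke with reason $Reason")) {
                certutil -revoke $serial $Reason | Out-Null
                if ($LASTEXITCODE -ne 0) {
                    Write-Error "certutil -revoke $serial failed (exit code $LASTEXITCODE)"
                    continue
                }
                # Emit a record per revocation so the caller can log or export it
                [pscustomobject]@{
                    RequestId = $row.'Request ID'
                    Serial    = $serial
                    Reason    = $Reason
                    RevokedAt = Get-Date
                }
            }
        }

        # Relying parties keep trusting the certificate until a new CRL is published
        # and their cached copy expires; publishing here shortens that window.
        if ($PublishCrl -and $PSCmdlet.ShouldProcess('CA', 'Publish new CRL')) {
            certutil -crl | Out-Null
            if ($LASTEXITCODE -ne 0) { Write-Error "certutil -crl failed (exit code $LASTEXITCODE)" }
        }
    }
    finally {
        # Never leave the database export lying around in %TEMP%
        Remove-Item -Path $csvPath -Force -ErrorAction SilentlyContinue
    }
}

# Dry run first, then the real revocation with CRL publication:
Revoke-IssuedCertificate -RequesterName 'A\C' -TemplatePattern '*User' -WhatIf
Revoke-IssuedCertificate -RequesterName 'A\C' -TemplatePattern '*User' -PublishCrl -Confirm:$false
```

Run the -WhatIf pass and read the list it prints before the real pass: a -like pattern such as "*User" is broad, and revocation with reason 5 cannot be undone (only reason 6, certificate hold, can be lifted later with certutil -revoke SerialNumber -1). Keep the returned objects as the audit record of what was revoked and when.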