Solved

Add certificate to local computer account with powershell script

Posted on 2014-02-24
Last Modified: 2014-03-05
We have to add a wifi certificate to the local computer account and I would like to do this with powershell script.  Every computer that this applies to ends in either "-L" or "-T".  I am new to powershell and would like some assistance.  If you can explain the script, it would be a bonus to my learning.
0
Question by:Jeremy Tyre
10 Comments
 
LVL 79

Assisted Solution

by:arnold
arnold earned 400 total points
ID: 39884648
If these systems are members of the domain, adding the certificate to the computer GPO trusted certificates will make it uniform.

It sounds as though you have an internal CA, configuring auto enrollment GPO will automate enrollment and renewal.

Presumably your inclination to powershell would either require it to run as a startup script computer GPO or going through a list of hosts and remotely connecting.
0
 
LVL 37

Accepted Solution

by:
Mahesh earned 600 total points
ID: 39884940
I don't think \ aware this would be achievable through PowerShell

The simplest way to do this is GPO
https://supportforums.cisco.com/docs/DOC-17514

Check below step by step guide
[redacted reference to external site]

Mahesh
0
 
LVL 3

Author Closing Comment

by:Jeremy Tyre
ID: 39888496
Good answers, but does not answer the request as required.  I need powershell script because our network team does not want this done through GPO.
0
 
LVL 79

Expert Comment

by:arnold
ID: 39888526
There is a powershell cmdlet that interfaces with the certificate store, you would still need to use a GPO to run the command on each system.  Certain things like installing new certificates can not be done by accessing the certificate store remotely.

Presumably your plan would be to use something like psexec to remotely connect to each system and then run the powershell command.

I am puzzled why your network team does not want to use a GPO which is how one centrally manages systems.
0
 
LVL 3

Author Comment

by:Jeremy Tyre
ID: 39888609
They have us doing it manually for each computer/tablet.  I was thinking that if there was a powershell script that could run at startup that targets only these computers then it would work around them and save me time on the hundreds of computers we have to setup.
0
 
LVL 79

Expert Comment

by:arnold
ID: 39889131
How are you going to deploy these powershell scripts to run at startup without a GPO? Edit registry that might get ?
certutil might be the command you want to use.

There are many examples on the net for powershell/vbscript

You would need to configure the wifi as well from EAP to certificate based authentication.

Do you have an internal CA or you have to generate and create the certificate that will be used?
0
 
LVL 3

Author Comment

by:Jeremy Tyre
ID: 39894579
I prefer startup.  We have an internal CA.
0
 
LVL 79

Expert Comment

by:arnold
ID: 39895353
Have you looked at using certutil?
http://technet.microsoft.com/en-us/library/cc732443.aspx

You can use psexec/vbscript to iterate through your systems, and then request/enroll into the certificates.

certutil includes the options to import a pfx.
Did you already go through the browser to the CA to request/create certificates?


You have an Internal CA, you have an AD environment.  You have GPOs setup, but your network folks, do not want to use the centrally available resources to push the certificate/enrollment?

Computers that meet your criteria can be added into a security group.  The security group can then be used within the GPO setup to function as a filter.
0
 
LVL 3

Author Comment

by:Jeremy Tyre
ID: 39906290
The server team and I want to do it through GPO, but for some unknown reason the network team does not.  I am with you on using the resources available and save myself hours of work on doing this to a couple hundred devices.  

I want to use the script to save myself a lot of time and just run it manually on each computer with a few other scripts I have made.  I currently use MMC to manually add it on each machine.

Sorry about the delay I have been swamped with work and school
0
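
The task from the question (import a certificate into the local computer store, only on machines whose name ends in "-L" or "-T"), as an added PowerShell example that is not from any participant in this thread. The file path, the thumbprint and the `Root` store name are placeholder assumptions, and the file is assumed to be a public `.cer` certificate rather than a PFX.

```powershell
# Added example, not code from the thread. Run from an elevated PowerShell session.
# Assumptions (placeholders, not from the thread): $CertPath, $ExpectedThumbprint, $StoreName.
param(
    [string]$CertPath           = '\\fileserver\share\wifi-ca.cer',    # placeholder path
    [string]$ExpectedThumbprint = '<THUMBPRINT-OF-YOUR-CERTIFICATE>',  # placeholder value
    [string]$StoreName          = 'Root'                               # assumed target store
)

# Only act on machines whose name ends in -L or -T, as described in the question.
if ($env:COMPUTERNAME -notmatch '-(L|T)$') {
    Write-Output "$env:COMPUTERNAME does not end in -L or -T; nothing to do."
    return
}

# Load the certificate file and confirm it is the expected one before trusting it.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertPath
$expected = ($ExpectedThumbprint -replace '\s', '').ToUpper()
if ($cert.Thumbprint -ne $expected) {
    throw "Thumbprint mismatch: file has $($cert.Thumbprint)."
}

# Open the local computer (not current user) store read/write; needs administrator rights.
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store($StoreName, 'LocalMachine')
$store.Open('ReadWrite')
try {
    # Skip the import when the certificate is already present, so reruns are harmless.
    $present = $store.Certificates | Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
    if ($present) {
        Write-Output "Certificate already in LocalMachine\$StoreName."
    } else {
        $store.Add($cert)
        Write-Output "Added $($cert.Subject) to LocalMachine\$StoreName."
    }
} finally {
    # Always release the store handle, even if the import fails.
    $store.Close()
}
```

Pinning the thumbprint means a swapped or tampered file on the share is rejected instead of being added to a machine-wide store.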
