Powershell撤消證書

Question

我想刪除用戶和他的計算機的證書。 我曾嘗試：

Import-Module PSPKI 
Import-Module ActiveDirectory 

$RequesterNameComputer = "A\B$"; 
$RequesterNameUser = "A\C"; 

certutil -view -out "RequestID,SerialNumber,RequesterName,RequestType,NotAfter,CommonName" csv > "$env:TEMP\tempcerts.csv"; 

$Csv = Import-Csv -Path "$env:TEMP\tempcerts.csv"; 
$csv | Select-Object "requester name" | Group-Object -Property "requester name" | Sort-Object -Property count; 

$computer = $csv | Where-Object {$_."requester name" -eq $RequesterNameComputer} | ?{$_."Certificate Template" -like "*PlaygroundComputer"}; 
$computer 

$User = $csv | Where-Object {$_."requester name" -eq $RequesterNameUser} | ?{$_."Certificate Template" -like "*User"}; 
$User 

我知道我必須使用certutil -revoke但不知道怎麼會這樣，它會刪除所有證書，這表明$計算機和$用戶將其調整到我的腳本。

Answer 1

Import-Module PSPKI 
Import-Module ActiveDirectory 

$RequesterNameComputer = "A\B"; 
$RequesterNameUser = "A\C"; 

#certutil: display information about the digital certificates that are installed on a DirectAccess client, DirectAccess server, or intranet resource. 
certutil -view -out "RequestID,SerialNumber,RequesterName,RequestType,NotAfter,CommonName,Certificate Template" csv > "$env:TEMP\tempcerts.csv"; 

$Csv = Import-Csv -Path "$env:TEMP\tempcerts.csv"; 
$csv | Select-Object "requester name" | Group-Object -Property "requester name" | Sort-Object -Property count; 

$computer = $csv | Where-Object {$_."requester name" -eq $RequesterNameComputer} | ?{$_."Certificate Template" -like "*PlaygroundComputer"}; 
$computer 

ForEach ($com in $computer){ 
certutil -revoke $com.'Serial Number' 5; 
} 

# certutil -installdefaulttemplates 
$User = $csv | Where-Object {$_."requester name" -eq $RequesterNameUser} | ?{$_."Certificate Template" -like "*User"}; 
$User 

foreach ($usr in $User){ 
certutil -revoke $usr.'Serial Number' 5; 
} 

Remove-Item -Path "$env:TEMP\tempcerts.csv" -Force;