Ping a Specific Port

Question

Wes Sayeed

Asked: 2014-06-07 09:41:16 +0800 CST2014-06-07 09:41:16 +0800 CST 2014-06-07 09:41:16 +0800 CST

Delete SCCM Certificate from Command Line

772

So we have a situation where a contractor deployed about 200 Windows 7 computers that were cloned improperly. The SCCM cert was not cleaned off the reference machine before it was sysprepped. Now because of the duplicate certs, the SCCM console is getting crapped up with invalid device records all over the place.

I need to script the removal of the bad cert on all these machines but I don't know how to do it from the command line. I assume I would be using Certutil.exe but I can't figure out what arguments to pass. I'm also familiar with WMI and VBScript, so if there were a certificate class I could use that would would work too.

I appreciate any help anyone could offer.

2 Answers

Voted

Bin · Answer 1 · 2014-06-07T10:28:56+08:00

Best Answer

Bin

2014-06-07T10:28:56+08:002014-06-07T10:28:56+08:00

You could use PSEXEC to remotely reinstall the SCCM client and reset the key to all 200 computers.

psexec @c:\lists\NeedSccm.txt -u domain\admin -h -d "\\SCCMSERVER\SHARE$\ccmsetup.exe" RESETKEYINFORMATION=TRUE

4

MDMoore313 · Answer 2 · 2014-06-07T10:35:48+08:00

I don't know about an SCCM certificate, as our clients use the autorequested domain certificate for client auth. However, I still may be able to help. Navigate to the cert store in powershell, like so:

PS Cert:\LocalMachine\My> Get-ChildItem


    Directory: Microsoft.PowerShell.Security\Certificate::LocalMachine\My


Thumbprint                                Subject                                                                                                                           
----------                                -------                                                                                                                           
A34F86ACC5HAHAYEAHRIGHTF731B798EF24F6D6D0B  CN=BIG-HOMIEPC, OU=Computers, DC=eng, DC=mit, DC=edu                                                       
5DAC23B07490B5C602EC4F04GEDDABOUDIT94FF41A  CN=localhost

Once there, simply remove the certificate with the proper subject,

PS Cert:\LocalMachine\My> Get-ChildItem | where {$_.Subject -like "*DC=end, DC=mit, DC=edu*"} | Remove-Item -WhatIf

This will work in a script as well.

Delete SCCM Certificate from Command Line

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?