Powershell查詢網域中的電腦並取得憑證值

Question

您可以像這樣檢查演算法：

$Cert = Get-ChildItem Cert:\LocalMachine\My\ | Select -First 1
if($Cert.SignatureAlgorithm.FriendlyName -like "sha2*"){
    Write-Host "SHA2 sig, all good"
}

若要取得網域中的所有計算機，您可以使用Get-ADComputer：

$Computers = Get-ADComputer -Filter {Enabled -eq $True}
foreach($Computer in $Computers){
    # Run your check against each $Computer in here
}

然後，您可以使用 PSRemoting，並在遠端電腦上執行檢查：

$pss = New-PSSession -ComputerName remotemachine.domain.tld
Invoke-Command -Session $pss -ScriptBlock {
    # code to check certs go here
}

或者您可以從自己的電腦直接連接到遠端憑證儲存：

$CertStore = New-Object System.Security.Cryptography.X509Certificates.X509Store "\\$ComputerName\My","LocalMachine"
$CertStore.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
foreach($Cert in $CertStore.Certificates){
    # once again, inspect $Cert.SignatureAlgorithm
}
$CertStore.Close()

Answer 1

您可以像這樣檢查演算法：

$Cert = Get-ChildItem Cert:\LocalMachine\My\ | Select -First 1
if($Cert.SignatureAlgorithm.FriendlyName -like "sha2*"){
    Write-Host "SHA2 sig, all good"
}

若要取得網域中的所有計算機，您可以使用Get-ADComputer：

$Computers = Get-ADComputer -Filter {Enabled -eq $True}
foreach($Computer in $Computers){
    # Run your check against each $Computer in here
}

然後，您可以使用 PSRemoting，並在遠端電腦上執行檢查：

$pss = New-PSSession -ComputerName remotemachine.domain.tld
Invoke-Command -Session $pss -ScriptBlock {
    # code to check certs go here
}

或者您可以從自己的電腦直接連接到遠端憑證儲存：

$CertStore = New-Object System.Security.Cryptography.X509Certificates.X509Store "\\$ComputerName\My","LocalMachine"
$CertStore.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
foreach($Cert in $CertStore.Certificates){
    # once again, inspect $Cert.SignatureAlgorithm
}
$CertStore.Close()

Powershell查詢網域中的電腦並取得憑證值

答案1

相關內容