Certificate Inventory |
This tool will read the certificates in the personal "MY" folder and inject them into WMI, where they will be inventoried |
Documentation |
This tool reads the certificates in the Personal store and injects them into WMI. It will need to be run as an
Advertisement every x days so that the data in the inventory stays current. To reduce the time needed, the data collected includes the number of days until the certificate
expires. This can be used with reports to determine whether any certificates are about to expire or have already expired. The biggest problem with native mode clients is an invalid computer certificate:
if it does not auto-renew, for whatever reason, the machine will be dead. The SMS_Def.MOF file will need to be modified. Below is the data collected for each certificate.
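DaysToExpire
FriendlyName
IssuerName
SubjectName
ValidFrom
ValidTo
ScriptLastRan

NOTE: Capicom is required to read the certificate data.

----------SMS_DEF.MOF-------------------------------------------
[ SMS_Report (TRUE),
  SMS_Group_Name ("Certificates"),
  SMS_Class_ID ("CUSTOM|Certificates|1.0") ]
class SCCM_Certs : SMS_Class_Template
{
    [SMS_Report (TRUE), key ] uint32 Counter;
    [SMS_Report (TRUE) ]      uint32 DaysToExpire;
    [SMS_Report (TRUE) ]      string EKUOID;
    [SMS_Report (TRUE) ]      string FriendlyName;
    [SMS_Report (TRUE) ]      string IssuerName;
    [SMS_Report (TRUE) ]      string ScriptLastRan;
    [SMS_Report (TRUE) ]      string SubjectName;
    [SMS_Report (TRUE) ]      string ValidFrom;
    [SMS_Report (TRUE) ]      string ValidTo;
};
-------------------------------------------------------------

----------CERTIFICATES.VBS-------------------------------------------
'****************************************************************
'Certificate Retrieval
'Created by: Matthew Hudson & Sherry Kissinger
' 5/09/2009
'
'Reads every certificate in the local machine "MY" store through CAPICOM
'and writes one SCCM_Certs instance per certificate into root\cimv2, plus
'the matching reporting class in root\cimv2\SMS, so hardware inventory
'picks the data up. Must run with rights to read the machine store and to
'create classes in WMI (an SCCM Advertisement running as SYSTEM has both).
'Exits with code 1 when CAPICOM or WMI cannot be reached, so a failed run
'is visible in the advertisement status instead of reporting "no certs".
'****************************************************************
' http://msdn.microsoft.com/en-us/library/aa376092(VS.85).aspx
'c:\windows\syswow64\cscript NameOfTheScript.vbs to use the 32bit capicom
Option Explicit
On Error Resume Next

Dim sho, fso, strCurrentDir, strSysFolder
Set sho = WScript.CreateObject("WScript.Shell")
Set fso = CreateObject("Scripting.FileSystemObject")

Dim Store, Certificates, Certificate, ExtProp, EKU
Dim i, k, g, m
' Per-certificate data. The arrays are fixed at 500 certificates and 500
' EKU OIDs per certificate (VBScript needs literal bounds in Dim); anything
' beyond that is ignored rather than raising an out-of-range error.
Dim strSubjectName(500), strIssuerName(500), strValidFrom(500), strValidTo(500)
Dim strDaysToExpire(500), strFriendlyName(500), intEKUCount(500)
Dim strEKUOID(500, 500)
Dim strEKUList

Const CAPICOM_LOCAL_MACHINE_STORE = 1
Const CAPICOM_STORE_OPEN_READ_ONLY = 0
Const CAPICOM_PROPID_FRIENDLY_NAME = 11
Const CAPICOM_ENCODE_BINARY = 1

' WMI CIM type ids used for the class properties (only the two that are needed).
Const wbemCimtypeString = 8
Const wbemCimtypeUint32 = 19

'------ Read the certificate store
Set Store = CreateObject("CAPICOM.Store")
If Err.Number = 429 Then
    ' 429 = ActiveX component can't create object: CAPICOM is not registered
    ' on this machine. Register the copy shipped with the script, then retry
    ' once (the original fell through here with Store still unset).
    Err.Clear
    RegisterCapicom
    Set Store = CreateObject("CAPICOM.Store")
End If
If Err.Number <> 0 Then
    WScript.Echo "Unable to create CAPICOM.Store: " & Err.Number & " " & Err.Description
    WScript.Quit 1
End If

Store.Open CAPICOM_LOCAL_MACHINE_STORE, "MY", CAPICOM_STORE_OPEN_READ_ONLY
If Err.Number <> 0 Then
    WScript.Echo "Unable to open the local machine MY store: " & Err.Number & " " & Err.Description
    WScript.Quit 1
End If

g = 0
Set Certificates = Store.Certificates
For Each Certificate In Certificates
    If g >= 500 Then Exit For   ' array capacity reached
    g = g + 1
    strSubjectName(g)  = Certificate.SubjectName
    strIssuerName(g)   = Certificate.IssuerName
    strValidFrom(g)    = Certificate.ValidFromDate
    strValidTo(g)      = Certificate.ValidToDate
    ' Negative for a certificate that has already expired.
    ' NOTE(review): DaysToExpire is declared uint32 in both the MOF and the data
    ' class below, so confirm how expired certificates show up in reports before
    ' relying on a negative value; switching both declarations to sint32 would
    ' be the fix, but it changes the inventory schema.
    strDaysToExpire(g) = DateDiff("d", Now(), Certificate.ValidToDate)

    ' EKU OIDs are counted per certificate. The original kept a single running
    ' counter across all certificates, so a later certificate with fewer EKUs
    ' truncated the EKU list written for earlier ones.
    intEKUCount(g) = 0
    If Certificate.ExtendedKeyUsage.IsPresent Then
        For Each EKU In Certificate.ExtendedKeyUsage.EKUs
            If intEKUCount(g) >= 500 Then Exit For
            intEKUCount(g) = intEKUCount(g) + 1
            strEKUOID(g, intEKUCount(g)) = EKU.OID
        Next
    End If

    ' Friendly name is an extended property; the last one found wins, as before.
    strFriendlyName(g) = ""
    For Each ExtProp In Certificate.ExtendedProperties
        If ExtProp.PropID = CAPICOM_PROPID_FRIENDLY_NAME Then
            strFriendlyName(g) = ExtProp.Value(CAPICOM_ENCODE_BINARY)
        End If
    Next
Next

'------ The dump in WMI section
Dim oLocation, oServices, oClass, oNewObject, oDataObject, oRptObject
Set oLocation = CreateObject("WbemScripting.SWbemLocator")

' Remove the previous copy of both classes so stale instances from the last
' run do not survive. On the first run the classes do not exist yet, so the
' errors from Get/Delete_ are expected and cleared.
Set oServices = oLocation.ConnectServer(, "root\cimv2")
Set oNewObject = oServices.Get("SCCM_Certs")
oNewObject.Delete_
Err.Clear
Set oServices = oLocation.ConnectServer(, "root\cimv2\SMS")
Set oNewObject = oServices.Get("SCCM_Certs")
oNewObject.Delete_
Err.Clear

' Create data class structure in root\cimv2. Property names and types match
' the SMS_DEF.MOF block above.
Set oServices = oLocation.ConnectServer(, "root\cimv2")
Set oDataObject = oServices.Get
oDataObject.Path_.Class = "SCCM_Certs"
oDataObject.Properties_.Add "Counter",       wbemCimtypeUint32
oDataObject.Properties_.Add "SubjectName",   wbemCimtypeString
oDataObject.Properties_.Add "IssuerName",    wbemCimtypeString
oDataObject.Properties_.Add "ValidFrom",     wbemCimtypeString
oDataObject.Properties_.Add "ValidTo",       wbemCimtypeString
oDataObject.Properties_.Add "DaysToExpire",  wbemCimtypeUint32
oDataObject.Properties_.Add "EKUOID",        wbemCimtypeString
oDataObject.Properties_.Add "FriendlyName",  wbemCimtypeString
oDataObject.Properties_.Add "ScriptLastRan", wbemCimtypeString
oDataObject.Properties_("Counter").Qualifiers_.Add "key", True
oDataObject.Put_
If Err.Number <> 0 Then
    WScript.Echo "Unable to create root\cimv2:SCCM_Certs: " & Err.Number & " " & Err.Description
    WScript.Quit 1
End If

'*********************************************
' Add one instance per certificate. Counter is the key and simply numbers
' the certificates in store order.
Set oClass = oServices.Get("SCCM_Certs")
For k = 1 To g
    Set oNewObject = oClass.SpawnInstance_
    oNewObject.Counter       = k
    oNewObject.SubjectName   = strSubjectName(k)
    oNewObject.IssuerName    = strIssuerName(k)
    oNewObject.ValidFrom     = strValidFrom(k)
    oNewObject.ValidTo       = strValidTo(k)
    oNewObject.DaysToExpire  = strDaysToExpire(k)
    oNewObject.FriendlyName  = strFriendlyName(k)
    ' EKU OIDs are joined with "," into one string; the property is left
    ' unset when the certificate has no EKU extension, as before.
    strEKUList = ""
    For m = 1 To intEKUCount(k)
        If m > 1 Then strEKUList = strEKUList & ","
        strEKUList = strEKUList & strEKUOID(k, m)
    Next
    If intEKUCount(k) > 0 Then oNewObject.EKUOID = strEKUList
    oNewObject.ScriptLastRan = Now
    oNewObject.Put_
Next
If Err.Number <> 0 Then
    WScript.Echo "Error writing SCCM_Certs instances: " & Err.Number & " " & Err.Description
    Err.Clear
End If

' Create reporting class structure in root\cimv2\SMS.
Set oServices = oLocation.ConnectServer(, "root\cimv2\SMS")
Set oRptObject = oServices.Get("SMS_Class_Template").SpawnDerivedClass_

' Set class name and qualifiers. The class id is spelled exactly as in the
' SMS_DEF.MOF block above (the original script used "Custom|..." here while
' the MOF used "CUSTOM|...").
oRptObject.Path_.Class = "SCCM_Certs"
oRptObject.Qualifiers_.Add "SMS_Report", True
oRptObject.Qualifiers_.Add "SMS_Group_Name", "Certificates"
oRptObject.Qualifiers_.Add "SMS_Class_ID", "CUSTOM|Certificates|1.0"

' Add reporting class properties
oRptObject.Properties_.Add("Counter",       wbemCimtypeUint32).Qualifiers_.Add "SMS_Report", True
oRptObject.Properties_.Add("SubjectName",   wbemCimtypeString).Qualifiers_.Add "SMS_Report", True
oRptObject.Properties_.Add("IssuerName",    wbemCimtypeString).Qualifiers_.Add "SMS_Report", True
oRptObject.Properties_.Add("ValidFrom",     wbemCimtypeString).Qualifiers_.Add "SMS_Report", True
oRptObject.Properties_.Add("ValidTo",       wbemCimtypeString).Qualifiers_.Add "SMS_Report", True
oRptObject.Properties_.Add("DaysToExpire",  wbemCimtypeUint32).Qualifiers_.Add "SMS_Report", True
oRptObject.Properties_.Add("EKUOID",        wbemCimtypeString).Qualifiers_.Add "SMS_Report", True
oRptObject.Properties_.Add("FriendlyName",  wbemCimtypeString).Qualifiers_.Add "SMS_Report", True
oRptObject.Properties_.Add("ScriptLastRan", wbemCimtypeString).Qualifiers_.Add "SMS_Report", True
oRptObject.Properties_("Counter").Qualifiers_.Add "key", True
oRptObject.Put_
If Err.Number <> 0 Then
    WScript.Echo "Unable to create root\cimv2\SMS:SCCM_Certs: " & Err.Number & " " & Err.Description
    WScript.Quit 1
End If

Set Certificates = Nothing
Set Store = Nothing

'''''''''''''' Register capicom.dll from the script folder into the system folder.
' Called only when CreateObject("CAPICOM.Store") fails with 429. Copies the
' DLL that ships next to the script into the system folder and registers it
' silently with regsvr32 (run hidden, waits for completion).
' NOTE(review): this installs a DLL machine-wide from the package source; the
' file shipped should be the signed Microsoft CAPICOM redistributable, and the
' package's own integrity controls are what keep an altered copy from being
' registered here.
Sub RegisterCapicom
    strCurrentDir = Left(WScript.ScriptFullName, InStrRev(WScript.ScriptFullName, "\") - 1)
    Set strSysFolder = fso.GetSpecialFolder(1)   ' 1 = SystemFolder
    fso.CopyFile strCurrentDir & "\capicom.dll", strSysFolder & "\"
    If Err.Number <> 0 Then
        WScript.Echo "Unable to copy capicom.dll to the system folder: " & Err.Number & " " & Err.Description
        Err.Clear
        Exit Sub
    End If
    sho.Run "cmd.exe /c regsvr32.exe /s " & Chr(34) & strSysFolder & "\capicom.dll" & Chr(34), 0, vbTrue
End Sub
--------------------------------------------------------------
Created by: Matthew Hudson & Sherry Kissinger |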