Certificate Inventory |
| This tool will read the certificates in the personal "MY" store and inject them into WMI, where they will be inventoried |
Documentation |
| This tool will read the certificates in the Personal Store and inject them into WMI. It will be necessary for this to be run as an
Advertisement every x days so that the data in the inventory is refreshed. To save the time otherwise needed, the data included will have the number of days until the certificate
expires. This can be used with reports to determine whether any certs are about to expire or have already expired. The biggest problem with native mode clients is an invalid computer certificate.
If it doesn't auto-renew, for whatever reason, the machine will be dead. The SMS_Def.MOF file will need to be modified. Below is the data collected for each certificate.
DaysToExpire FriendlyName IssuerName SubjectName ValidFrom ValidTo ScriptLastRan
NOTE: Capicom is required to read the certificate data.
----------SMS_DEF.MOF-------------------------------------------
// Inventory class for the certificates in the machine Personal ("MY") store, populated in WMI by CERTIFICATES.VBS.
// One instance per certificate; only certificate metadata is collected (names, dates, EKU OIDs, friendly name), no key material.
[ SMS_Report (TRUE),
SMS_Group_Name ("Certificates"),
SMS_Class_ID ("CUSTOM|Certificates|1.0") ]  // the VBS registers this id as "Custom|Certificates|1.0" (different case) -- confirm both are treated as the same class id
class SCCM_Certs : SMS_Class_Template
{
[SMS_Report (TRUE), key ] uint32 Counter;      // position in the enumeration; renumbered on every run, not a stable certificate id
[SMS_Report (TRUE) ] uint32 DaysToExpire;      // DateDiff("d", Now, ValidTo) in the VBS: negative once expired, which uint32 cannot hold -- confirm how the client stores that case (sint32 would be safe)
[SMS_Report (TRUE) ] string EKUOID;            // comma-separated EKU OIDs
[SMS_Report (TRUE) ] string FriendlyName;
[SMS_Report (TRUE) ] string ScriptLastRan;     // Now at collection time, stored as a locale-formatted string
[SMS_Report (TRUE) ] string SubjectName;
[SMS_Report (TRUE) ] string ValidFrom;         // locale-formatted date string, not a CIM datetime
[SMS_Report (TRUE) ] string ValidTo;           // locale-formatted date string, not a CIM datetime
};
-------------------------------------------------------------
----------CERTIFICATES.VBS-------------------------------------------
'****************************************************************
'Certificate Retrieval
'Created by: Matthew Hudson & Sherry Kissinger
' 5/09/2009
'
'****************************************************************
' http://msdn.microsoft.com/en-us/library/aa376092(VS.85).aspx
'c:\windows\syswow64\cscript NameOfTheScript.vbs to use the 32bit capicom
'Option Explicit
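On Error Resume Next 'deliberately file-wide: the CAPICOM check below reads Err instead of letting it raise; every later COM failure is therefore silent unless echoed
Dim ExtProp, certificatedata, Extension, EKU
Dim sho, fso, strcurrentdir, strsysfolder
Set sho = Wscript.CreateObject("Wscript.Shell")
Set FSO = CreateObject("Scripting.FileSystemObject")
Dim Store, Certificates, Certificate
'Per-certificate caches, fixed at 500 entries (index 0 is unused; the enumeration loop counts from 1)
Dim StrsubjectName(500), STRIssuerName(500), strValidFrom(500), strValidTo(500), strDaysToExpire(500), i, j, k, g, m
Dim strEDUOID(500,500), StrFriendlyName(500,500) 'strEDUOID holds EKU OIDs; the name is a historical typo kept because the loaders below use it
Const CAPICOM_LOCAL_MACHINE_STORE = 1
Const CAPICOM_CERTIFICATE_FIND_SUBJECT_NAME = 1
Const CAPICOM_STORE_OPEN_READ_ONLY = 0
Const CAPICOM_PROPID_FRIENDLY_NAME = 11
Const CAPICOM_ENCODE_BINARY = 1
'CAPICOM is a deprecated, separately shipped COM library that is not present by default, hence the 429 handling
Set Store = CreateObject("CAPICOM.Store")
Select Case Err.Number
    Case 0 'object registered OK
    Case 429 'ActiveX component can't create object: CAPICOM needs to be registered
        Err.Clear
        registercapicom 'go register capicom
        Err.Clear
        'Retry the create: without this Store stays empty after registration and Store.Open below fails silently
        Set Store = CreateObject("CAPICOM.Store")
        If Err.Number <> 0 Then
            WScript.Echo "CAPICOM.Store still cannot be created after registration: error " & Err.Number & " " & Err.Description
            Err.Clear
        End If
    Case Else
        'was "wscript err.number", which is not a callable statement and itself failed silently
        WScript.Echo "CAPICOM.Store could not be created: error " & Err.Number & " " & Err.Description
        Err.Clear
End Select
'Read-only open of the machine Personal store; only certificate metadata is read from it, never private keys
Store.Open CAPICOM_LOCAL_MACHINE_STORE, "MY", CAPICOM_STORE_OPEN_READ_ONLY
If Err.Number <> 0 Then
    WScript.Echo "Could not open the LocalMachine MY store: error " & Err.Number & " " & Err.Description
    Err.Clear
End If
Set Certificates = Store.Certificates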
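'Walk every certificate in the machine MY store and cache its metadata in the arrays declared above.
'Only public certificate metadata is read (names, validity dates, EKU OIDs, friendly name); no key material.
'On exit g is the number of certificates cached and i is 1 + the EKU count of the LAST certificate that
'carried an ExtendedKeyUsage extension (the instance loader below still reads i, so it is left that way here).
If Certificates.Count > 0 Then
    For Each Certificate In Certificates
        'The caches are fixed-size; stop rather than index past the end, because On Error Resume Next
        'would otherwise swallow the subscript error and the WMI load would read garbage.
        If g >= UBound(strSubjectName) Then
            WScript.Echo "More than " & UBound(strSubjectName) & " certificates in the MY store; the remainder are not inventoried"
            Exit For
        End If
        g = g + 1
        strSubjectName(g) = Certificate.SubjectName
        strIssuerName(g) = Certificate.IssuerName
        strValidFrom(g) = Certificate.ValidFromDate
        strValidTo(g) = Certificate.ValidToDate
        'Negative once the certificate has already expired
        strDaysToExpire(g) = DateDiff("d", Now(), Certificate.ValidToDate)
        'EKU OIDs are stored contiguously from index 1 for this certificate
        If Certificate.ExtendedKeyUsage.IsPresent Then
            i = 1
            For Each EKU In Certificate.ExtendedKeyUsage.Ekus
                If i > UBound(strEDUOID, 2) Then Exit For
                strEDUOID(g, i) = EKU.OID
                i = i + 1
            Next
        End If
        'Only the first friendly name is ever reported (the loader reads index 1); the previous per-property
        'reset of j meant index 1 was the only slot ever written anyway.
        For Each ExtProp In Certificate.ExtendedProperties
            If ExtProp.PropID = CAPICOM_PROPID_FRIENDLY_NAME Then
                strFriendlyName(g, 1) = ExtProp.Value(CAPICOM_ENCODE_BINARY)
            End If
        Next
    Next
End If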
'------The dump in WMI section
'CIM type codes used by SWbemPropertySet.Add; declared as constants in the same style as the CAPICOM
'constants above. Only wbemCimtypeUint32 and wbemCimtypeString are used by this script.
Const wbemCimtypeSint16 = 2
Const wbemCimtypeSint32 = 3
Const wbemCimtypeReal32 = 4
Const wbemCimtypeReal64 = 5
Const wbemCimtypeString = 8
Const wbemCimtypeBoolean = 11
Const wbemCimtypeObject = 13
Const wbemCimtypeSint8 = 16
Const wbemCimtypeUint8 = 17
Const wbemCimtypeUint16 = 18
Const wbemCimtypeUint32 = 19
Const wbemCimtypeSint64 = 20
Const wbemCimtypeUint64 = 21
Const wbemCimtypeDateTime = 101
Const wbemCimtypeReference = 102
Const wbemCimtypeChar16 = 103
Set oLocation = CreateObject("WbemScripting.SWbemLocator")
'Remove classes: drop the previous SCCM_Certs class, and with it every instance from the last run,
'from both namespaces before it is recreated below. Note that when the store could not be read
'earlier (g = 0) this still wipes the previous inventory, so a read failure shows up as "no certificates".
For Each strNamespace In Array("root\cimv2", "root\cimv2\SMS")
    Set oServices = oLocation.ConnectServer(, strNamespace)
    Set oNewObject = oServices.Get("SCCM_Certs")
    oNewObject.Delete_
Next
'Create data class structure
'Define the SCCM_Certs data class in root\cimv2; the instances written below live here.
'ValidFrom/ValidTo/ScriptLastRan are plain strings (locale-formatted dates), not CIM datetimes.
Set oServices = oLocation.ConnectServer(, "root\cimv2")
Set oDataObject = oServices.Get
oDataObject.Path_.Class = "SCCM_Certs"
With oDataObject.Properties_
    .Add "Counter", wbemCimtypeUint32
    .Add "SubjectName", wbemCimtypeString
    .Add "IssuerName", wbemCimtypeString
    .Add "ValidFrom", wbemCimtypeString
    .Add "ValidTo", wbemCimtypeString
    .Add "DaysToExpire", wbemCimtypeUint32
    .Add "EKUOID", wbemCimtypeString
    .Add "FriendlyName", wbemCimtypeString
    .Add "ScriptLastRan", wbemCimtypeString
End With
'Counter is the key; it is only the enumeration position and is renumbered on every run
oDataObject.Properties_("Counter").Qualifiers_.Add "key", True
oDataObject.Put_
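'*********************************************
'Add Instances to data class: one SCCM_Certs instance per cached certificate. Counter is the instance
'key and is simply the position in the enumeration, so it changes from run to run.
Set oServices = oLocation.ConnectServer(, "root\cimv2")
For k = 1 To g 'number of certs
    Set oNewObject = oServices.Get("SCCM_Certs").SpawnInstance_
    oNewObject.Counter = k
    oNewObject.SubjectName = strSubjectName(k)
    oNewObject.IssuerName = strIssuerName(k)
    oNewObject.ValidFrom = strValidFrom(k)
    oNewObject.ValidTo = strValidTo(k)
    'DaysToExpire is declared uint32 but DateDiff yields a negative value for an already-expired
    'certificate; with On Error Resume Next a rejected assignment would be silent -- TODO confirm how the
    'provider stores that case (sint32 in the class definitions would be the safe choice).
    oNewObject.DaysToExpire = strDaysToExpire(k)
    oNewObject.FriendlyName = strFriendlyName(k, 1)
    'EKU OIDs were cached contiguously from index 1 for each certificate, so walk this certificate's own
    'slots until the first empty one. The previous bound, i, was whatever the LAST certificate's EKU count
    'happened to be, which truncated or dropped the EKU list of every other certificate.
    strEkuList = ""
    For m = 1 To UBound(strEDUOID, 2)
        If strEDUOID(k, m) = "" Then Exit For
        If strEkuList = "" Then
            strEkuList = strEDUOID(k, m)
        Else
            strEkuList = strEkuList & "," & strEDUOID(k, m)
        End If
    Next
    If strEkuList <> "" Then oNewObject.EKUOID = strEkuList
    oNewObject.ScriptLastRan = Now 'stored as a string in the current locale's date format
    oNewObject.Put_
Next 'end of number of certs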
'Create reporting class structure
'Derive the SMS reporting class in root\cimv2\SMS so the hardware inventory agent picks the data up:
'the same nine properties as the data class, each flagged SMS_Report, with Counter as the key.
Set oServices = oLocation.ConnectServer(, "root\cimv2\SMS")
Set oRptObject = oServices.Get("SMS_Class_Template").SpawnDerivedClass_
'Set Class Name and Qualifiers
oRptObject.Path_.Class = "SCCM_Certs"
With oRptObject.Qualifiers_
    .Add "SMS_Report", True
    .Add "SMS_Group_Name", "Certificates"
    .Add "SMS_Class_ID", "Custom|Certificates|1.0" 'the SMS_Def.MOF above spells this CUSTOM|... -- confirm the two are treated as the same id
End With
'Add Reporting Class Properties, in the same order as the data class
arrRptNames = Array("Counter", "SubjectName", "IssuerName", "ValidFrom", "ValidTo", "DaysToExpire", "EKUOID", "FriendlyName", "ScriptLastRan")
arrRptTypes = Array(wbemCimtypeUint32, wbemCimtypeString, wbemCimtypeString, wbemCimtypeString, wbemCimtypeString, wbemCimtypeUint32, wbemCimtypeString, wbemCimtypeString, wbemCimtypeString)
For n = 0 To UBound(arrRptNames)
    oRptObject.Properties_.Add(arrRptNames(n), arrRptTypes(n)).Qualifiers_.Add "SMS_Report", True
Next
oRptObject.Properties_("Counter").Qualifiers_.Add "key", True
oRptObject.Put_
'Release the CAPICOM objects
Set Certificates = Nothing
Set Store = Nothing
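Sub registercapicom
    'Register capicom.dll from the script's own directory by copying it into the system folder and
    'calling regsvr32 silently. Called only when CreateObject("CAPICOM.Store") fails with error 429.
    'Security note: the DLL is taken from the script directory as-is, with no signature or hash check,
    'and is registered under the account running this script (for an SCCM advertisement normally
    'LocalSystem), so the package source this script ships in must be write-protected and the shipped
    'copy kept patched; CAPICOM itself is deprecated by Microsoft. On Error Resume Next is active at
    'file scope, so CopyFile/Run failures are echoed here instead of being raised.
    Dim strDll, strTarget, lngExit
    strCurrentDir = Left(Wscript.ScriptFullName, InStrRev(Wscript.ScriptFullName, "\") - 1)
    Set strSysFolder = FSO.GetSpecialFolder(1) 'get system32 folder (a Folder object; .Path is its path)
    strDll = strCurrentDir & "\capicom.dll"
    strTarget = strSysFolder.Path & "\capicom.dll"
    'Copy the dll to the system folder (CopyFile overwrites an existing copy by default)
    If FSO.FileExists(strDll) Then
        FSO.CopyFile strDll, strTarget
        If Err.Number <> 0 Then
            WScript.Echo "Copy of " & strDll & " to " & strTarget & " failed: error " & Err.Number & " " & Err.Description
            Err.Clear
        End If
    Else
        WScript.Echo "capicom.dll was not found next to the script (" & strDll & "); registering whatever copy is already in " & strSysFolder.Path
    End If
    'Register the dll: regsvr32 is run directly (no cmd.exe /c) with the path quoted, and its exit code
    'is checked, since /s suppresses its own dialogs. 0 means success.
    lngExit = sho.Run("regsvr32.exe /s " & Chr(34) & strTarget & Chr(34), 0, vbTrue)
    If lngExit <> 0 Then
        WScript.Echo "regsvr32 returned exit code " & lngExit & " registering " & strTarget
    End If
End Sub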
--------------------------------------------------------------
Created by: Matthew Hudson & Sherry Kissinger |