VBscript Tools - Certificate Inventory
Certificate Inventory
This tool reads the certificates in the personal ("MY") store and injects them into WMI, where they will be inventoried.
This tool reads the certificates in the Personal store and injects them into WMI. It must be run as an Advertisement every x days so that the data in the inventory stays current. To reduce the time needed, the data collected includes the number of days until the certificate expires. This can be used with reports to determine whether any certificates are about to expire or have already expired. The biggest problem with native mode clients is an invalid computer certificate: if it does not auto-renew, for whatever reason, the machine will be dead. The SMS_Def.MOF file will need to be modified. Below is the data collected for each certificate.

DaysToExpire
FriendlyName
IssuerName
SubjectName
ValidFrom
ValidTo
ScriptLastRan

NOTE: CAPICOM is required to read the certificate data; if it is not registered, the script's registercapicom routine copies capicom.dll from the script's own folder into the system folder and registers it.
----------SMS_DEF.MOF-------------------------------------------
// Hardware-inventory reporting class for the certificate data that CERTIFICATES.VBS
// writes into root\cimv2 (one instance per certificate in the LocalMachine "MY" store).
// NOTE(review): the script adds the class ID as "Custom|Certificates|1.0" (different case
// from the value below); keep the two spellings identical to avoid a mismatch.
[ SMS_Report     (TRUE),
  SMS_Group_Name ("Certificates"),
  SMS_Class_ID   ("CUSTOM|Certificates|1.0") ]
class SCCM_Certs : SMS_Class_Template
{
    [SMS_Report (TRUE), key ] uint32  Counter;        // 1-based position of the certificate in the store enumeration
    // NOTE(review): the script stores DateDiff("d", Now, ValidTo), which is negative once a
    // certificate has expired; a uint32 cannot hold that -- confirm expired certificates
    // actually show up in reports as intended.
    [SMS_Report (TRUE)      ] uint32  DaysToExpire;
    [SMS_Report (TRUE)      ] string  EKUOID;         // comma-separated Extended Key Usage OIDs (collected by the script, though not in the field list above)
    [SMS_Report (TRUE)      ] string  FriendlyName;   // CAPICOM friendly-name extended property, if set
    [SMS_Report (TRUE)      ] string  IssuerName;
    [SMS_Report (TRUE)      ] string  ScriptLastRan;  // Now() at the time the instance was written
    [SMS_Report (TRUE)      ] string  SubjectName;
    [SMS_Report (TRUE)      ] string  ValidFrom;      // stored as text, not as a CIM datetime
    [SMS_Report (TRUE)      ] string  ValidTo;        // stored as text, not as a CIM datetime
};

-------------------------------------------------------------


----------CERTIFICATES.VBS-------------------------------------------
'****************************************************************
'Certificate Retrieval
'Created by: Matthew Hudson & Sherry Kissinger
' 5/09/2009
'
'****************************************************************
' http://msdn.microsoft.com/en-us/library/aa376092(VS.85).aspx
'c:\windows\syswow64\cscript NameOfTheScript.vbs to use the 32bit capicom
'Option Explicit
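On Error Resume Next

Dim ExtProp, certificatedata, Extension, EKU
Dim sho, fso, strcurrentdir, strsysfolder
Set sho = WScript.CreateObject("WScript.Shell")
Set FSO = CreateObject("Scripting.FileSystemObject")
Dim Store, Certificates, Certificate
' Fixed-size collection arrays, filled from index 1 upward (index 0 is unused).
Dim StrsubjectName(500), STRIssuerName(500), strValidFrom(500), strValidTo(500), strDaysToExpire(500), i, j, k, g, m
' Second dimension: per-certificate EKU OID slots / friendly-name slot.
Dim strEDUOID(500,500), StrFriendlyName(500,500)

Const CAPICOM_LOCAL_MACHINE_STORE = 1
Const CAPICOM_CERTIFICATE_FIND_SUBJECT_NAME = 1
Const CAPICOM_STORE_OPEN_READ_ONLY = 0
Const CAPICOM_PROPID_FRIENDLY_NAME = 11
Const CAPICOM_ENCODE_BINARY = 1

' CAPICOM may not be registered on the client. Under On Error Resume Next a failed
' CreateObject does not stop the script; it leaves Store empty and sets Err.
Set Store = CreateObject("CAPICOM.Store")

Select Case Err.Number
   Case 0 ' object created OK
   Case 429 ' "ActiveX component can't create object": CAPICOM is not registered
      Err.Clear
      registercapicom ' copies and registers capicom.dll from the script folder
      Err.Clear
      ' Retry now that the dll is registered; without this retry Store would stay
      ' empty for the rest of the run.
      Set Store = CreateObject("CAPICOM.Store")
   Case Else
      ' Report the failure (the bare "wscript err.number" statement this replaces was
      ' not a valid call and was itself swallowed). Err is left set so the guard below quits.
      WScript.Echo "CAPICOM.Store could not be created, error " & Err.Number & ": " & Err.Description
End Select

' Do not continue without a store: the WMI section below deletes and re-creates
' SCCM_Certs, so running on with no data would be reported as "no certificates".
If Err.Number <> 0 Or Not IsObject(Store) Then
   WScript.Echo "CAPICOM is unavailable; leaving the existing SCCM_Certs inventory untouched."
   WScript.Quit 1
End If
Err.Clear

' Read-only open of the LocalMachine personal ("MY") store.
Store.Open CAPICOM_LOCAL_MACHINE_STORE, "MY", CAPICOM_STORE_OPEN_READ_ONLY
If Err.Number <> 0 Then
   WScript.Echo "Could not open the LocalMachine MY store, error " & Err.Number & ": " & Err.Description
   WScript.Quit 1
End If
Set Certificates = Store.Certificates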

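' Walk every certificate in the store and copy the reported fields into the arrays
' declared at the top. On exit g is the number of certificates captured and i is one
' past the largest EKU count seen (i bounds the EKU loop in the instance section).
Dim nEku
If Certificates.Count > 0 Then
   For Each Certificate In Certificates
       ' The arrays hold 500 entries; stop instead of letting out-of-range writes be
       ' swallowed by On Error Resume Next.
       If g >= UBound(strSubjectName) Then
          WScript.Echo "More than " & UBound(strSubjectName) & " certificates found; the remainder are not inventoried."
          Exit For
       End If
       g = g + 1
       strSubjectName(g) = Certificate.SubjectName
       strIssuerName(g) = Certificate.IssuerName
       strValidFrom(g) = Certificate.ValidFromDate
       strValidTo(g) = Certificate.ValidToDate
       ' Negative once the certificate has already expired.
       strDaysToExpire(g) = DateDiff("d", Now(), Certificate.ValidToDate)

       ' EKU OIDs occupy slots 1..n for this certificate. i is kept as a high-water
       ' mark across all certificates rather than the count of the last one, so a
       ' certificate with more EKUs than the final one does not lose its extra OIDs later.
       nEku = 0
       If Certificate.ExtendedKeyUsage.IsPresent Then
          For Each EKU In Certificate.ExtendedKeyUsage.Ekus
             If nEku >= UBound(strEDUOID, 2) Then Exit For
             nEku = nEku + 1
             strEDUOID(g, nEku) = EKU.OID
          Next
       End If
       If nEku + 1 > i Then i = nEku + 1

       ' The friendly name is an extended property, not a certificate field. Only slot 1
       ' is ever read back, so write it there directly.
       For Each ExtProp In Certificate.ExtendedProperties
           If ExtProp.PropID = CAPICOM_PROPID_FRIENDLY_NAME Then
              strFriendlyName(g, 1) = ExtProp.Value(CAPICOM_ENCODE_BINARY)
           End If
       Next
   Next
End If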

'------The dump in WMI section

' WMI CIM type codes passed to Properties_.Add when the classes are built below.
' Declared as constants so nothing later in the script can reassign them.
Const wbemCimtypeSint16 = 2
Const wbemCimtypeSint32 = 3
Const wbemCimtypeReal32 = 4
Const wbemCimtypeReal64 = 5
Const wbemCimtypeString = 8
Const wbemCimtypeBoolean = 11
Const wbemCimtypeObject = 13
Const wbemCimtypeSint8 = 16
Const wbemCimtypeUint8 = 17
Const wbemCimtypeUint16 = 18
Const wbemCimtypeUint32 = 19
Const wbemCimtypeSint64 = 20
Const wbemCimtypeUint64 = 21
Const wbemCimtypeDateTime = 101
Const wbemCimtypeReference = 102
Const wbemCimtypeChar16 = 103
Set oLocation = CreateObject("WbemScripting.SWbemLocator")

' Drop any previous copy of the class from both namespaces so each run starts clean.
' On the first run Get() fails (nothing to delete); that error is swallowed like before.
Dim strNamespace
For Each strNamespace In Array("root\cimv2", "root\cimv2\SMS")
   Set oServices = oLocation.ConnectServer(, strNamespace)
   Set oNewObject = oServices.Get("SCCM_Certs")
   oNewObject.Delete_
Next

'Create data class structure (root\cimv2\SCCM_Certs holds the instances)
Set oServices = oLocation.ConnectServer(, "root\cimv2")
Set oDataObject = oServices.Get
oDataObject.Path_.Class = "SCCM_Certs"

' Property list, in declaration order; the two arrays are index-aligned.
Dim arrDataNames, arrDataTypes, nData
arrDataNames = Array("Counter", "SubjectName", "IssuerName", "ValidFrom", "ValidTo", _
                     "DaysToExpire", "EKUOID", "FriendlyName", "ScriptLastRan")
arrDataTypes = Array(wbemCimtypeUint32, wbemCimtypeString, wbemCimtypeString, wbemCimtypeString, wbemCimtypeString, _
                     wbemCimtypeUint32, wbemCimtypeString, wbemCimtypeString, wbemCimtypeString)
For nData = 0 To UBound(arrDataNames)
   oDataObject.Properties_.add arrDataNames(nData), arrDataTypes(nData)
Next
' Counter is the instance key.
oDataObject.Properties_("Counter").Qualifiers_.add "key", True
oDataObject.Put_

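'*********************************************
'Add Instances to data class: one SCCM_Certs instance per certificate collected above.
Set oServices = oLocation.ConnectServer(, "root\cimv2")

Dim strEkuList
For k = 1 To g ' number of certs
    Set oNewObject = oServices.Get("SCCM_Certs").SpawnInstance_
    oNewObject.Counter = k
    oNewObject.SubjectName = strSubjectName(k)
    oNewObject.IssuerName = strIssuerName(k)
    oNewObject.ValidFrom = strValidFrom(k)
    oNewObject.ValidTo = strValidTo(k)
    ' NOTE(review): DaysToExpire is declared uint32 in the class above, but the value
    ' is a DateDiff that goes negative once a certificate has expired -- confirm how WMI
    ' stores it, since the documentation promises reports on already-expired certs.
    oNewObject.DaysToExpire = strDaysToExpire(k)
    oNewObject.FriendlyName = strFriendlyName(k, 1)

    ' Join this certificate's EKU OIDs (slots filled contiguously from 1, so the first
    ' empty slot ends the list). The loop is bounded by the array, not by i, because i
    ' only reflects the EKU count of the last certificate enumerated and would drop
    ' OIDs from any earlier certificate that has more of them.
    strEkuList = ""
    For m = 1 To UBound(strEDUOID, 2)
        If strEDUOID(k, m) = "" Then Exit For
        If strEkuList = "" Then
            strEkuList = strEDUOID(k, m)
        Else
            strEkuList = strEkuList & "," & strEDUOID(k, m)
        End If
    Next
    ' EKUOID is left unset (null) when the certificate has no EKU extension, as before.
    If strEkuList <> "" Then oNewObject.EKUOID = strEkuList
    oNewObject.ScriptLastRan = Now
    oNewObject.Put_
Next 'end of number of certs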


'Create reporting class structure (root\cimv2\SMS tells the inventory agent what to collect)
Set oServices = oLocation.ConnectServer(, "root\cimv2\SMS")
Set oRptObject = oServices.Get("SMS_Class_Template").SpawnDerivedClass_

'Set Class Name and Qualifiers
oRptObject.Path_.Class = "SCCM_Certs"
oRptObject.Qualifiers_.Add "SMS_Report", True
oRptObject.Qualifiers_.Add "SMS_Group_Name", "Certificates"
' NOTE(review): the SMS_DEF.MOF snippet on this page spells the ID "CUSTOM|Certificates|1.0";
' confirm the two spellings are meant to differ only in case.
oRptObject.Qualifiers_.Add "SMS_Class_ID", "Custom|Certificates|1.0"

'Add Reporting Class Properties -- same names/types as the data class, each marked SMS_Report.
Dim arrRptNames, arrRptTypes, nProp, oRptProp
arrRptNames = Array("Counter", "SubjectName", "IssuerName", "ValidFrom", "ValidTo", _
                    "DaysToExpire", "EKUOID", "FriendlyName", "ScriptLastRan")
arrRptTypes = Array(wbemCimtypeUint32, wbemCimtypeString, wbemCimtypeString, wbemCimtypeString, wbemCimtypeString, _
                    wbemCimtypeUint32, wbemCimtypeString, wbemCimtypeString, wbemCimtypeString)
For nProp = 0 To UBound(arrRptNames)
    Set oRptProp = oRptObject.Properties_.Add(arrRptNames(nProp), arrRptTypes(nProp))
    oRptProp.Qualifiers_.Add "SMS_Report", True
Next
oRptObject.Properties_("Counter").Qualifiers_.Add "key", True
oRptObject.Put_

' Release the CAPICOM objects.
Set Certificates = Nothing
Set Store = Nothing

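Sub registercapicom
  ' Copy capicom.dll from the folder this script runs from into the system folder and
  ' register it silently. Called when CreateObject("CAPICOM.Store") fails with 429.
  ' Errors are handled locally so a failed copy is reported instead of silently
  ' handing a missing dll to regsvr32.
  On Error Resume Next
  Err.Clear ' the caller arrives here with error 429 still set
  Dim strDll, nExit
  strCurrentDir = Left(WScript.ScriptFullName, InStrRev(WScript.ScriptFullName, "\") - 1)
  ' GetSpecialFolder(1) is the system32 folder. NOTE(review): from a 64-bit host this is
  ' the native System32, where a 32-bit capicom.dll cannot be registered -- the header
  ' comment says to run the script with the SysWOW64 cscript; confirm the advertisement does.
  strSysFolder = FSO.GetSpecialFolder(1).Path
  strDll = strCurrentDir & "\capicom.dll"

  If Not FSO.FileExists(strDll) Then
     WScript.Echo "capicom.dll was not found next to the script: " & strDll
     Exit Sub
  End If

  ' This writes a dll taken from the package source into the system folder under the
  ' account the advertisement runs as; only ship a signed, trusted capicom.dll with the package.
  FSO.CopyFile strDll, strSysFolder & "\"
  If Err.Number <> 0 Then
     WScript.Echo "Could not copy capicom.dll to " & strSysFolder & ", error " & Err.Number & ": " & Err.Description
     Err.Clear
     Exit Sub
  End If

  ' Run regsvr32 directly (no cmd.exe shell is needed); the final True waits for it to finish
  ' so the caller can retry CreateObject immediately.
  nExit = sho.Run("regsvr32.exe /s " & Chr(34) & strSysFolder & "\capicom.dll" & Chr(34), 0, True)
  If Err.Number <> 0 Then
     WScript.Echo "Could not start regsvr32, error " & Err.Number & ": " & Err.Description
     Err.Clear
  ElseIf nExit <> 0 Then
     WScript.Echo "regsvr32 returned exit code " & nExit & " registering capicom.dll"
  End If
End Sub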


--------------------------------------------------------------


Created by: Matthew Hudson & Sherry Kissinger