2016-06-07

Powershell revoke certificate

I want to remove the certificates of a user and his computer. I have tried:

Import-Module PSPKI 
Import-Module ActiveDirectory 

$RequesterNameComputer = "A\B$"; 
$RequesterNameUser = "A\C"; 

certutil -view -out "RequestID,SerialNumber,RequesterName,RequestType,NotAfter,CommonName" csv > "$env:TEMP\tempcerts.csv"; 

$Csv = Import-Csv -Path "$env:TEMP\tempcerts.csv"; 
$csv | Select-Object "requester name" | Group-Object -Property "requester name" | Sort-Object -Property count; 

$computer = $csv | Where-Object {$_."requester name" -eq $RequesterNameComputer} | ?{$_."Certificate Template" -like "*PlaygroundComputer"}; 
$computer 

$User = $csv | Where-Object {$_."requester name" -eq $RequesterNameUser} | ?{$_."Certificate Template" -like "*User"}; 
$User 

I know I have to use certutil -revoke, but I do not know how to fit it into my script so that it removes all the certificates that $computer and $user show.

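You definitely don't want to revoke the CA for a specific user/computer. That doesn't make any sense. Do you mean you want to remove the CA certificate from the user's computer? Or do you want to revoke the user's (computer's?) certificate?

Why doesn't it make any sense to remove a specific user/computer? I want to revoke the certificates of the user and the computer when he leaves the company. – frhling1

Revoking the CA makes no sense. Revoking user and/or computer certificates is not the same thing.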

Answer

Import-Module PSPKI 
Import-Module ActiveDirectory 

$RequesterNameComputer = "A\B"; 
$RequesterNameUser = "A\C"; 

# certutil -view: dump the selected columns of the CA database as CSV.
certutil -view -out "RequestID,SerialNumber,RequesterName,RequestType,NotAfter,CommonName,Certificate Template" csv > "$env:TEMP\tempcerts.csv"; 

$Csv = Import-Csv -Path "$env:TEMP\tempcerts.csv"; 
$csv | Select-Object "requester name" | Group-Object -Property "requester name" | Sort-Object -Property count; 

$computer = $csv | Where-Object {$_."requester name" -eq $RequesterNameComputer} | ?{$_."Certificate Template" -like "*PlaygroundComputer"}; 
$computer 

# Reason code 5 = cessation of operation.
ForEach ($com in $computer){
    certutil -revoke $com.'Serial Number' 5;
}

# certutil -installdefaulttemplates 
$User = $csv | Where-Object {$_."requester name" -eq $RequesterNameUser} | ?{$_."Certificate Template" -like "*User"}; 
$User 

foreach ($usr in $User){
    certutil -revoke $usr.'Serial Number' 5;
}

Remove-Item -Path "$env:TEMP\tempcerts.csv" -Force;
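
A dry-run variant of the revocation loop above, as an added example that is not part of the original answer: it selects rows by requester and template, skips rows without a hexadecimal serial number, and calls `certutil -revoke` only when `-WhatIf` is omitted. The sample rows and the function names `Select-CertToRevoke` and `Revoke-SelectedCert` are constructed for illustration; the column names are the ones the script above uses.

```powershell
# Added example; the rows below are constructed, not real CA data.
$sample = @'
"Serial Number","Requester Name","Certificate Template"
"6100000001aa","A\B$","PlaygroundComputer"
"6100000002bb","A\C","User"
"6100000003cc","A\C","WebServer"
"6100000004dd","A\D","User"
"EMPTY","A\C","User"
'@ | ConvertFrom-Csv

function Select-CertToRevoke {
    param(
        [Parameter(Mandatory)] [object[]] $Rows,
        [Parameter(Mandatory)] [string]   $Requester,
        [Parameter(Mandatory)] [string]   $TemplateLike
    )
    # Exact match on the requester, wildcard on the template, and a sanity
    # check so that a malformed row never reaches certutil as an argument.
    $Rows | Where-Object {
        $_.'Requester Name' -eq $Requester -and
        $_.'Certificate Template' -like $TemplateLike -and
        $_.'Serial Number' -match '^[0-9a-fA-F]+$'
    }
}

function Revoke-SelectedCert {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Row,
        [int] $Reason = 5   # 5 = cessation of operation
    )
    process {
        $serial = $Row.'Serial Number'
        $target = "$serial ($($Row.'Requester Name'))"
        if ($PSCmdlet.ShouldProcess($target, "certutil -revoke, reason $Reason")) {
            certutil -revoke $serial $Reason | Out-Null
            if ($LASTEXITCODE -ne 0) {
                Write-Error "Revocation failed for $serial (exit code $LASTEXITCODE)"
            } else {
                $serial   # emit the serial numbers that were actually revoked
            }
        }
    }
}

$targets  = @(Select-CertToRevoke -Rows $sample -Requester 'A\B$' -TemplateLike '*PlaygroundComputer')
$targets += @(Select-CertToRevoke -Rows $sample -Requester 'A\C'  -TemplateLike '*User')
$targets | Format-Table                # review: 6100000001aa and 6100000002bb
$targets | Revoke-SelectedCert -WhatIf # prints what would be revoked, changes nothing
```

Relying parties only see the revocation once the CA publishes a new CRL, which `certutil -crl` triggers on the CA.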