SCCM | Intune | Windows 365 | Windows 11 Forums


PENDING script to delete cert from local machine

Nitin_ted

Hi guys, my company's devices auto-installed a certificate that causes them to disable Wi-Fi, Outlook slowness, etc. After I remove the certificate manually, the users' devices work fine.

It's stored in the location below.
Certlm --> Certificates - Local Computer --> Personal --> Certificates folder.

I prepared a script. Manually it works fine, but when I try to package it as a PS1 or add it as a script I get the error "Script for Package:RHB000C1, Program: Delete Cert failed with exit code 1"

# Specify the thumbprint of the certificate to delete
$thumbprint = "93e288fafb4cb3153c6e5d380227b16767d47070"

# Get the certificate from the user's certificate store
$cert = Get-ChildItem -Path Cert:\CurrentUser\My | Where-Object {$_.Thumbprint -eq $thumbprint}

# If the certificate is found, delete it
if ($cert) {
    Remove-Item $cert.PSPath
    Write-Host "Certificate deleted successfully."
}
else {
    Write-Host "Certificate not found."
}
 
@Garth we did not try locally since users don't have access to PowerShell, but I tried within the IT dept.
@Prajwal Desai - the GPO team blocks users from running PowerShell. Could this cause the issue?
Also, I ran the above script from SCCM, but the outcome is attached and it won't remove the cert from the device.
 

Attachment: issue.JPG
How did you execute the script manually, i.e., was psexec used, or did you directly execute the PowerShell script with administrative privileges?

Try the script with psexec to see whether it works. If it works, it should also work with SCCM.
 
If you send a script via ConfigMgr it will run as Local System Account. Therefore if you are having problems with running the script you need to test your script using the local system to see the "Real Error" e.g. maybe the local system account is NOT allowed to run PowerShell scripts...
 
Hi Nitin,

Get-ChildItem -Path Cert:\CurrentUser\My | Where-Object {$_.Thumbprint -eq "93e288fafb4cb3153c6e5d380227b16767d47070"}Remove-Item

Save the script as a PowerShell script named delete.ps1, save it in a shared drive, and then create a program in the package as below:
"%Windir%\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command .\delete.ps1
This should remove the certificate from that path.
Cheers,
Prajwal K P
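
Added example, not code from the thread or from any poster: a removal script written for the way ConfigMgr runs it, as Local System, against the Local Computer Personal store named in the first post (Cert:\LocalMachine\My) rather than Cert:\CurrentUser\My. The thumbprint is the one quoted in the thread; the log path and the Write-Log helper are assumptions.

```powershell
# Added example (not from the thread). Assumes ConfigMgr launches it as
# Local System, so it targets the machine store, not Cert:\CurrentUser\My.
$Thumbprint = '93e288fafb4cb3153c6e5d380227b16767d47070'    # value quoted in the thread
$StorePath  = 'Cert:\LocalMachine\My'                       # Local Computer > Personal
$LogFile    = Join-Path $env:windir 'Temp\Remove-Cert.log'  # assumed log location

function Write-Log([string]$Message) {                      # hypothetical helper
    $who = [Security.Principal.WindowsIdentity]::GetCurrent().Name
    Add-Content -Path $LogFile -Value ('{0} [{1}] {2}' -f (Get-Date -Format s), $who, $Message)
}

try {
    # Thumbprints copied from the certificate dialog often carry spaces or hidden characters
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($clean.Length -ne 40) { throw "Thumbprint is not 40 hex characters: '$Thumbprint'" }

    $cert = Get-ChildItem -Path $StorePath -ErrorAction Stop |
            Where-Object { $_.Thumbprint -eq $clean }
    if (-not $cert) {
        Write-Log "$clean not found in $StorePath (nothing to do)"
        exit 0      # absent already: report success so the deployment is not marked failed
    }
    foreach ($c in $cert) {
        Write-Log "Removing $($c.Thumbprint) Subject='$($c.Subject)'"
        Remove-Item -Path $c.PSPath -ErrorAction Stop   # add -DeleteKey to remove the private key too
    }
    if (Test-Path -Path (Join-Path $StorePath $clean)) { throw 'Certificate still present after Remove-Item' }
    Write-Log 'Removed and verified.'
    exit 0
}
catch {
    Write-Log "FAILED: $($_.Exception.Message)"
    exit 1
}
```

Launching it with powershell.exe -ExecutionPolicy Bypass -File delete.ps1 passes the script's exit code back to ConfigMgr, and the log records which account actually ran it.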
 
1733450705443.png
Hi Prajwal, your script is not working on my computers, with the above error. Please help. Best Regards. Michael
 
You are missing a Pipe in the command line.
Thank you. Is there any chance to remove autoenrolled certificates from multiple computers (>200) that cause them to disable Wi-Fi? Is there any common denominator for all computers (e.g. "Template Display Name") which I can use in a script to remove the certificates?
 
There is no direct relationship between WIFI and certs.
 
Thank you very much for the reply.

In my case, my predecessor auto-enrolled a certificate from the local CA without anything in the SAN field.

Our computer is NOT connecting using its Machine Cert / EAP-TLS; instead it uses PEAP AD User/Pass authentication.

When computers attempt to connect using EAP-TLS Machine Auth, they fail.

The network application (ISE) log indicates that most of the failed AD Machine auths are because the certs do not have the FQDN in the certificate's 'CN' and 'SAN' fields.

That is why I need a script to remove this certificate from all domain computers (more than 200).

Thanks again.



Michael
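
Added example, not code from the thread or from any poster: autoenrolled machine certificates have a different thumbprint on every computer, so this selects them by the issuing template recorded in the certificate and by the missing FQDN in CN and SAN that the ISE log points to. The template name 'Workstation Authentication' is a placeholder assumption, Get-ExtensionText is a hypothetical helper, and the script only reports unless -Remove is given.

```powershell
# Added example (not from the thread). Run elevated or as Local System on each computer.
param(
    [string]$TemplateMatch = 'Workstation Authentication',  # placeholder: template name or OID
    [switch]$Remove                                         # without this switch, report only
)
$OidTemplateV2 = '1.3.6.1.4.1.311.21.7'   # "Certificate Template Information" extension
$OidTemplateV1 = '1.3.6.1.4.1.311.20.2'   # "Certificate Template Name" extension
$OidSan        = '2.5.29.17'              # Subject Alternative Name extension
$ip   = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
$fqdn = '{0}.{1}' -f $ip.HostName, $ip.DomainName

function Get-ExtensionText($Cert, [string]$Oid) {           # hypothetical helper
    $ext = $Cert.Extensions | Where-Object { $_.Oid.Value -eq $Oid }
    if ($ext) { $ext.Format($false) }     # decoded, single-line text of the extension
}

$found = foreach ($c in Get-ChildItem -Path Cert:\LocalMachine\My) {
    $template = Get-ExtensionText $c $OidTemplateV2
    if (-not $template) { $template = Get-ExtensionText $c $OidTemplateV1 }
    if (-not $template -or $template -notlike "*$TemplateMatch*") { continue }

    $san = Get-ExtensionText $c $OidSan
    [pscustomobject]@{
        Thumbprint = $c.Thumbprint
        Subject    = $c.Subject
        Template   = $template
        HasSan     = [bool]$san
        FqdnInCert = ("$($c.Subject) $san" -like "*$fqdn*")
        PSPath     = $c.PSPath
    }
}

# Candidates: issued from the template AND lacking the FQDN in both CN and SAN
$targets = @($found | Where-Object { -not $_.FqdnInCert })
$targets | Format-List Thumbprint, Subject, Template, HasSan

if ($Remove) {
    foreach ($t in $targets) { Remove-Item -Path $t.PSPath -ErrorAction Stop }
}
exit 0
```

If the template name cannot be resolved on a client, the extension text shows only the template OID, so pass that OID as -TemplateMatch instead.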
 