Blog Post

Core Infrastructure and Security Blog
5 MIN READ

Extending Hardware Inventory for System Center Configuration Manager

BrandonWilson's avatar
BrandonWilson
Icon for Microsoft rankMicrosoft
May 15, 2019
First published on TECHNET on Oct 15, 2018 Hello everyone, Jonathan Warnken here, and I am a Premier Field Engineer (PFE) for Microsoft. I primarily support Configuration Manager and I have bee...
Updated Aug 28, 2019
Version 5.0
JonathanWarnken
Glaucia Fernanda da Silva Diniz's avatar
Glaucia Fernanda da Silva Diniz
Copper Contributor
Feb 06, 2025

I would like to contribute by adding the certificate model output to the script.

 

## Delete any existing instances
$CurrentEA = $ErrorActionPreference
$ErrorActionPreference = 'SilentlyContinue'
(Get-WmiObject -Namespace root\cimv2 -class cm_CertInfo).Delete()
$ErrorActionPreference = $CurrentEA

## Create Class if it doesn't exist in root\cimv2
$newClass = New-Object System.Management.ManagementClass ("root\cimv2", [String]::Empty, $null);
$newClass["__CLASS"] = "cm_CertInfo";
$newClass.Qualifiers.Add("Static", $true)
$newClass.Properties.Add("Location", [System.Management.CimType]::String, $false)
$newClass.Properties["Location"].Qualifiers.Add("Key", $true)
$newClass.Properties.Add("Handle", [System.Management.CimType]::String, $false)
$newClass.Properties["Handle"].Qualifiers.Add("Key", $true)
$newClass.Properties.Add("Thumbprint", [System.Management.CimType]::String, $false)
$newClass.Properties.Add("Subject", [System.Management.CimType]::String, $false)
$newClass.Properties.Add("Issuer", [System.Management.CimType]::String, $false)
$newClass.Properties.Add("NotBefore", [System.Management.CimType]::String, $false)
$newClass.Properties.Add("NotAfter", [System.Management.CimType]::String, $false)
$newClass.Properties.Add("FriendlyName", [System.Management.CimType]::String, $false)
$newClass.Properties.Add("ExpiresinDays", [System.Management.CimType]::uint32, $false)
$newClass.Properties.Add("Template", [System.Management.CimType]::String, $false)
$newClass.Properties.Add("ScriptLastRan", [System.Management.CimType]::String, $false)
$newClass.Put()|Out-Null

function Publish-Certs2WMI{
    [CmdletBinding()]
    Param
    (
    # Path to Cert store to Publish
    [Parameter(Mandatory=$true,
    ValueFromPipelineByPropertyName=$true
    )]
    [ValidateScript({
        If(Test-Path "Cert:\$_"){$true}
        else{
            throw "Unable to access Certificates in $_ !!"
        }
    })]
    $Path
    )
    foreach ($Cert in (Get-ChildItem -Recurse cert:\$Path)){
        # Expires in...
            $ExpiresInDays = ($cert.NotAfter-(Get-Date)).TotalDays
            $ExpiresInDays = [int]$ExpiresInDays
            if ($ExpiresInDays -lt 0){
                $ExpiresInDays = 0
            }
            $Today = (Get-Date)
            $templateExt = $Cert.Extensions | Where-Object{ (($_.Oid.FriendlyName -eq 'Informações de Modelo de Certificado') -or ($_.Oid.FriendlyName -eq 'Certificate Template Information')) } | Select-Object -First 1

            if($templateExt) {
                $information = $templateExt.Format(1)
            
                # Extract just the template name in $Matches[1]
                if($information -match "^Template=(.+)\([0-9\.]+\)") {
                    set-wmiinstance -Namespace root\cimv2 -class cm_CertInfo -ErrorAction SilentlyContinue -argument @{
                        Location=$Path
                        Handle=$cert.Handle
                        Subject=$cert.subject
                        Issuer=$cert.Issuer
                        Thumbprint=$cert.thumbprint
                        NotBefore=$cert.NotBefore
                        NotAfter=$cert.NotAfter
                        FriendlyName=$cert.Friendlyname
                        ExpiresInDays=$ExpiresInDays
                        Template=$Matches[1]
                        ScriptLastRan=$Today
                    }|Out-Null
                } else {
                    # No regex match, just return the complete information then
                    set-wmiinstance -Namespace root\cimv2 -class cm_CertInfo -ErrorAction SilentlyContinue -argument @{
                        Location=$Path
                        Handle=$cert.Handle
                        Subject=$cert.subject
                        Issuer=$cert.Issuer
                        Thumbprint=$cert.thumbprint
                        NotBefore=$cert.NotBefore
                        NotAfter=$cert.NotAfter
                        FriendlyName=$cert.Friendlyname
                        ExpiresInDays=$ExpiresInDays
                        Template=$information
                        ScriptLastRan=$Today
                    }|Out-Null
                }
            } else {
                # No template name found
                    set-wmiinstance -Namespace root\cimv2 -class cm_CertInfo -ErrorAction SilentlyContinue -argument @{
                        Location=$Path
                        Handle=$cert.Handle
                        Subject=$cert.subject
                        Issuer=$cert.Issuer
                        Thumbprint=$cert.thumbprint
                        NotBefore=$cert.NotBefore
                        NotAfter=$cert.NotAfter
                        FriendlyName=$cert.Friendlyname
                        ExpiresInDays=$ExpiresInDays
                        Template=$null
                        ScriptLastRan=$Today
                    }|Out-Null
            }
    }
}

$CertPaths = 'LocalMachine\TrustedPublisher','LocalMachine\Root','LocalMachine\My'
foreach($CertPath in $CertPaths){Publish-Certs2WMI -Path $CertPath}

If(@(Get-WmiObject -Namespace root\cimv2 -class cm_CertInfo).count -gt 0){Write-Host "Compliant"}