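<#
.SYNOPSIS
    Bulk-enrols device authentication certificates from an AD CS CA and exports each as a password-protected PFX.

.DESCRIPTION
    For every host name listed in ComputerListPath the script
      1. writes a certreq INF (RSA 4096, exportable, machine key set, template CertificateTemplate),
      2. generates the request and submits it to the CA named by CAConfig,
      3. installs the issued certificate into the local machine MY store and re-links it to its key,
      4. exports certificate and key to PFXOutputPath under a freshly generated random password,
      5. deletes certificate and private key from the local MY store again.
    A ';'-delimited CSV report (Computer;Password;PFXFile;Status) is written to ReportFilePath.
    Output folders and the report name get a timestamp suffix so repeated runs never overwrite each other.
    Entries that fail at any step are recorded with a Status and do not stop the run.

.PARAMETER ComputerListPath
    Text file with one short host name per line. Blank lines are ignored. Entries that are not a valid host
    name label are skipped and reported - they are never spliced into file names or into the certreq INF.
.PARAMETER RequestOutputPath
    Folder for the generated .req files (timestamp appended). Deleted at the end when Cleanup is $true.
.PARAMETER CerOutputPath
    Folder for the issued .cer files (timestamp appended). Deleted at the end when Cleanup is $true.
.PARAMETER PFXOutputPath
    Folder for the exported .pfx files (timestamp appended). Never deleted by this script.
.PARAMETER CAConfig
    CA configuration string "CAHost\CAName" passed to certreq -submit -config.
.PARAMETER ReportFilePath
    Path of the CSV report; must end in .csv (timestamp is inserted before the extension).
.PARAMETER DomainDNSName
    DNS suffix appended to each host name to form the certificate CN.
.PARAMETER CertificateTemplate
    Name of the CA template requested via the RequestAttributes section of the INF.
.PARAMETER Cleanup
    When $true (default) the .req and .cer folders of this run are removed after the report is written.

.NOTES
    Must run elevated: the key is created in the machine key set and the machine MY store is used.
    SECURITY: the report holds every PFX password in clear text next to the PFX path. Restrict the ACL on
    ReportFilePath and PFXOutputPath and remove both once the PFX files are deployed. certutil only accepts
    the export password on its command line, so the password is exposed to process-creation auditing
    (e.g. event 4688 with command-line logging) on the enrollment host.
#>
[CmdletBinding()]
Param (
    [ValidateScript({ if (Test-Path -Path $_) { $true } else { Throw 'File specified for ComputerListPath was not found.' } })]
    [String] $ComputerListPath = 'D:\enroll\devices.txt',
    [String] $RequestOutputPath = 'D:\enroll\Reqs',
    [String] $CerOutputPath = 'D:\enroll\Cer',
    [String] $PFXOutputPath = 'D:\enroll\PFX',
    [String] $CAConfig = 'SRV001.trustmyroot.com\CA01',
    [String] $ReportFilePath = 'D:\enroll\CertReport.csv',
    [String] $DomainDNSName = 'trustmyroot.com',
    [String] $CertificateTemplate = 'DeviceAuthentication',
    [Bool] $Cleanup = $true
)

#################################
## DO NOT EDIT BELOW THIS LINE ##
#################################

$TimeStamp = Get-Date -f 'yyyy-MM-dd_HHmm'

# Drop a trailing backslash and append the timestamp so every run gets its own folders.
$RequestOutputPath = "$($RequestOutputPath -replace '\\$')_$TimeStamp"
$CerOutputPath     = "$($CerOutputPath -replace '\\$')_$TimeStamp"
$PFXOutputPath     = "$($PFXOutputPath -replace '\\$')_$TimeStamp"

if ($ReportFilePath -match '\.csv$') {
    $ReportFilePath = $ReportFilePath -replace '\.csv$', "_$TimeStamp.csv"
} else {
    Throw 'Invalid ReportFilePath, has to be .csv filetype.'
}

foreach ($Dir in @($RequestOutputPath, $CerOutputPath, $PFXOutputPath)) {
    if (-Not (Test-Path -Path $Dir -PathType Container)) {
        New-Item -ItemType Directory -Path $Dir -ErrorAction Stop
    }
}

# Loaded once, before the loop: System.Web supplies the password generator used for every PFX.
Add-Type -AssemblyName System.Web

# Accept only a single host name label: letters, digits, hyphens, 1-63 chars, no leading/trailing hyphen.
# Anything else (paths, separators, INF syntax) would otherwise become part of file names and of the INF.
$HostNamePattern = '^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$'

# Runs a native tool with its console output suppressed and returns $true only when it exited with 0.
function Invoke-NativeStep {
    param (
        [String]   $Tool,
        [String[]] $Arguments
    )
    & $Tool @Arguments | Out-Null
    return ($LASTEXITCODE -eq 0)
}

$Computers = Get-Content -Path $ComputerListPath

$Report = foreach ($RawName in $Computers) {
    $Computer = "$RawName".Trim()
    if ($Computer -eq '') { continue }

    $Result = New-Object -TypeName PSObject
    Add-Member -InputObject $Result -MemberType NoteProperty -Name Computer -Value $Computer
    Add-Member -InputObject $Result -MemberType NoteProperty -Name Password -Value ''
    Add-Member -InputObject $Result -MemberType NoteProperty -Name PFXFile  -Value ''
    Add-Member -InputObject $Result -MemberType NoteProperty -Name Status   -Value ''

    if ($Computer -notmatch $HostNamePattern) {
        Write-Warning "Skipping '$Computer': not a valid host name."
        $Result.Status = 'Skipped: invalid host name'
        Write-Output -InputObject $Result
        continue
    }

    $FQDN    = "$Computer.$DomainDNSName"
    $ReqFile = "$RequestOutputPath\$Computer.req"
    $CerFile = "$CerOutputPath\$Computer.cer"
    $PfxFile = "$PFXOutputPath\$Computer.pfx"

    # 1. Generate the request from a temporary INF. The INF holds no secrets but is removed on every path.
    $CertRequestConf = [System.IO.Path]::GetTempFileName()
    try {
        @"
[Version]
Signature="`$Windows NT$"

[NewRequest]
Subject = "CN=$FQDN"
Exportable = True ; the key must be exportable for the PFX export below
KeyLength = 4096
KeySpec = 1 ; AT_KEYEXCHANGE
KeyUsage = 0xA0 ; Digital Signature, Key Encipherment
MachineKeySet = True ; The key belongs to the local computer account
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
SMIME = False

[RequestAttributes]
CertificateTemplate = $CertificateTemplate
"@ | Out-File -FilePath $CertRequestConf
        $Created = Invoke-NativeStep -Tool 'certreq' -Arguments @('-new', $CertRequestConf, $ReqFile)
    } finally {
        Remove-Item -Path $CertRequestConf -Force
    }

    if (-Not $Created) {
        $Result.Status = 'Failed: certreq -new'
        Write-Output -InputObject $Result
        continue
    }

    # 2. Submit. A non-zero exit or a missing .cer (e.g. the CA held the request pending) ends this entry;
    #    nothing is installed or exported for it.
    $Submitted = Invoke-NativeStep -Tool 'certreq' -Arguments @('-submit', '-config', $CAConfig, $ReqFile, $CerFile)
    if (-Not ($Submitted -and (Test-Path -Path $CerFile -PathType Leaf))) {
        $Result.Status = 'Failed: certreq -submit (no certificate issued)'
        Write-Output -InputObject $Result
        continue
    }

    # 3. Install into the machine MY store and re-associate the certificate with its private key.
    $Installed = (Invoke-NativeStep -Tool 'certutil' -Arguments @('-addstore', '-f', 'MY', $CerFile)) -and
                 (Invoke-NativeStep -Tool 'certutil' -Arguments @('-repairstore', 'MY', $FQDN))

    # 4. Export under a random 20-character password with at least 5 non-alphanumerics. certutil takes the
    #    password on its command line, so it is visible to process-creation auditing on this host.
    $Exported = $false
    $Password = ''
    if ($Installed) {
        $Password = [System.Web.Security.Membership]::GeneratePassword(20, 5)
        $Exported = Invoke-NativeStep -Tool 'certutil' -Arguments @('-p', $Password, '-exportPFX', $FQDN, $PfxFile)
    }

    # 5. Purge certificate and private key from the local store; the enrollment host must not keep a copy.
    #    Plain ASCII hyphens only - certutil does not recognise the en-dash variants some editors substitute,
    #    and a rejected switch would silently leave the key behind.
    $Purged = Invoke-NativeStep -Tool 'certutil' -Arguments @('-privatekey', '-delstore', 'MY', $FQDN)
    if (-Not $Purged) {
        Write-Warning "Certificate/key for '$FQDN' could not be removed from the local MY store; remove it manually."
    }

    if ($Exported) {
        $Result.Password = $Password
        $Result.PFXFile  = $PfxFile
        $Result.Status   = if ($Purged) { 'OK' } else { 'OK, local copy not purged' }
    } elseif ($Installed) {
        $Result.Status = 'Failed: certutil -exportPFX'
    } else {
        $Result.Status = 'Failed: certutil -addstore/-repairstore'
    }
    Write-Output -InputObject $Result
}

# The report carries every PFX password in clear text: treat the file as a secret (restrict ACL, delete after use).
$Report | Export-Csv -Path $ReportFilePath -NoTypeInformation -Delimiter ';' -Encoding Default

if ($Cleanup -eq $true) {
    Remove-Item -Path $RequestOutputPath -Recurse -Force
    Remove-Item -Path $CerOutputPath -Recurse -Force
}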