DEVHIDE
Login Or Sign up

Powershell "Provider execution stopped because the provider does not support this operation."

2.4k Views Asked by At

I am trying to write a script to check a remote server for a certificate by FriendlyName. Once this is returned I want to confirm a removal of this cert. Currently the code below returns "Provider execution stopped because the provider does not support this operation." Why does the provider not work during the Remove-Item cmd but works earlier in the script when I use Select-Object?

$Logfile = "C:\Cert_Deletions_$(get-date -Format MMddyyyy).log"

Function LogWrite
{
   Param ([string]$logstring)

   Add-content $Logfile -value $logstring
}

#$TimeStamp = Get-Date;

LogWrite "Starting Cert Deletion Job $(get-date)";



$ContentsPath = 'C:\Servers.txt'
$Servers = "Server01"
$CertDeletionFile = 'C:\CertsDeleted.csv'
$Today = Get-Date

$typedCertificateName = Read-Host -Prompt "What certificate would you like 
to REMOVE?"

LogWrite "What Certificate would you like to REMOVE?"

function findCert {
param ([string]$Certificate)

Invoke-Command -ComputerName $Servers -ScriptBlock {

    Get-Childitem -Path  Cert:LocalMachine\My |
        where-Object {$_.friendlyname -eq $using:Certificate } |
        Select-Object -Property FriendlyName
    }
}
#line break
"`n"
Write-host "The following servers were found to hold the 
$typedCertificateName certificate:"
LogWrite "The following servers were found to hold the $typedCertificateName 
certificate:"
#line break
"`n"
$LocatedOn = findCert -Certificate $typedCertificateName
$LocatedOn
LogWrite $LocatedOn

"`n"

Write-host "Do you want to delete all certificates for $typedCertificateName 
??" -ForegroundColor Red 
LogWrite "Do you want to delete all certificates for $typedCertificateName 
??"
$Readhost = Read-Host " ( y / n ) " 
Switch ($ReadHost) 
 { 
   Y {Write-host "Yes, Deleting Now!!!" -ForegroundColor Yellow; 
       $Choice=$true} 
   N {Write-Host "No, Do NOT DELETE" -ForegroundColor Red; $Choice=$false} 
   Default {Write-Host "Default, Do Not Delete"; $Choice=$false} 
 } 

 If ($Readhost -eq 'y' -or 'Y') {
    Foreach ($Server in $Servers) {
        Invoke-Command -ComputerName $Server -ScriptBlock {
            try {
                Get-Childitem -Path  Cert:LocalMachine\My |
                where-Object {$_.friendlyname -eq 
$using:typedCertificateName} |
                Remove-Item  -ErrorAction Stop
                Write-host "$using:typedCertificateName has been deleted on 
$Server."
                #LogWrite "$using:typedCertificateName has been deleted on 
$Server."
                }
                catch
                {
                write-host $error 
                }           
         }    
     }
  }
powershell powershell-4.0 powershell-provider
Original Q&A
1

There are 1 best solutions below

3
user1367200 On BEST ANSWER

Here is an example of how to delete certificates on PowerShell v2 where the Remove-Item cmdlet doesn't work for certificate deletions. The script will first do the deletion and then verify that the deletion occurred. Feel free to modify for your purposes:

<#
.SYNOPSIS
    Removes all 802.1x certificates in the 'Cert:\LocalMachine\My' certificate store on a Windows machine which fit the defined criteria.
.DESCRIPTION
    Removes all 802.1x certificates in the 'Cert:\LocalMachine\My' certificate store with the following criteria:

    Certificate Issuer: Company Internal Sub CA
    Certificate Created with Template Name: Company-802.1x-mach-auth-AE-v1.0
    Certificate Store: LocalMachine\My
.EXAMPLE
    powershell.exe -File '.\Remove-DcmAll8021xUniCERT.ps1'
    Returns 'Not Compliant' if ANY certificates REMAIN in 'Cert:\LocalMachine\My' that fit the criteria described above AFTER the removal step is performed.
    Returns 'Compliant' if no such certs are found AFTER the removal step is performed.
.NOTES
#>

## Start by setting the execution policy for this PowerShell process
Try { Set-ExecutionPolicy -ExecutionPolicy 'ByPass' -Scope 'Process' -Force -ErrorAction 'Stop' } Catch { }

## VerbosePreference Options: Stop, Inquire, Continue, SilentlyContinue
#  Set to Continue to see all Write-Verbose output
$VerbosePreference = 'SilentlyContinue'

## WarningPreference Options: Stop, Inqurie, Continue, SilentlyContinue
#  Set to Continue to see all Write-Warning output
$WarningPreference = 'SilentlyContinue'

## Set DCM compliance status to default value of 'Compliant'
[string]$DCM_Compliance_Status = 'Compliant'

## Definite certificate properties we are looking for
[string]$CertStoreName = 'Cert:\LocalMachine\My'
[string]$TemplateName = 'Company-802.1x-mach-auth-AE-v1.0'
[string]$CertIssuer = 'Company Internal Sub CA'

Try {
    ## Open the specified certificate store
    [boolean]$IsCertStoreOpen = $false
    Write-Verbose -Message "Open the certificate store [$CertStoreName]."
    [System.Security.Cryptography.X509Certificates.X509Store]$MyLocalMachineCertStore = Get-Item -Path $CertStoreName -ErrorAction 'Stop'
    [boolean]$IsCertStoreOpen = $true

    ## Open the certificate store in Read/Write mode so that we can delete the matching certificates from it.
    Write-Verbose -Message "Open the certificate store [$CertStoreName] in [ReadWrite] mode."
    $MyLocalMachineCertStore.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)

    ## Get list of certificates in certificate store
    Write-Verbose -Message "Get the list of certificates in the certificate store."
    [System.Security.Cryptography.X509Certificates.X509Certificate2[]]$MyLocalMachineCertificates = $MyLocalMachineCertStore.Certificates

    ## Delete certificates that match specified issuer and if they were created using the specified certificate template
    ForEach ($Cert in $MyLocalMachineCertificates) {
        Try {
            Write-Verbose -Message '---------------------------------------------------------------'
            Write-Verbose -Message "Discovered certificate with thumbprint [$($Cert.Thumbprint)]."

            ## Check to see if certificate matches specified certificate issuer
            [boolean]$IsCertMatchesIssuer = ($Cert.Issuer -cmatch $CertIssuer)
            If ($IsCertMatchesIssuer) {
                Write-Verbose -Message "Discovered certificate issuer [$($Cert.Issuer)] matches specified certificate issuer [$CertIssuer]."
            }
            Else {
                Write-Verbose -Message "Discovered certificate issuer [$($Cert.Issuer)] does not match specified certificate issuer [$CertIssuer]."
                Continue
            }


            ## Check to see if certificate matches specified certificate template
            [boolean]$IsCertMatchesTemplate = $false
            ForEach ($Extension in $Cert.Extensions) {
                #  Only check Format(0) against the name of the specified template if Oid.FriendlyName indicates this certificate was built from a template
                If ($Extension.Oid.FriendlyName -match 'Template' ){
                    Write-Verbose -Message 'Discovered certificate was built from a template.'
                    If ($Extension.Format(0) -match $TemplateName) {
                        Write-Verbose -Message "Discovered certificate was built from specified template [$TemplateName]."
                        [boolean]$IsCertMatchesTemplate = $true
                        Break
                    }
                    Else {
                        Write-Verbose -Message "Discovered certificate was not built from specified template [$TemplateName]."
                    }
                }
                Else {
                    Write-Verbose -Message 'Discovered certificate was not built from a template.'
                }
            }

            ## Check to see if we found a certificate that matches the specified issuer and was built with the specified template
            If ($IsCertMatchesIssuer -and $IsCertMatchesTemplate) {
                Write-Verbose -Message "Discovered certificate matches the specified issuer [$CertIssuer] and was built with the specified template [$TemplateName]."

                Try {
                    ## Delete the discovered certificate
                    #  Note: Remove-Item cmdlet does not support the certificate provider so the .Remove() method must be used to delete the cert
                    Write-Verbose -Message "Delete the discovered certificate with thumbprint [$($Cert.Thumbprint)]."
                    $null = $MyLocalMachineCertStore.Remove($Cert)

                    Write-Verbose -Message "Save the deleted certificate with thumbprint [$($Cert.Thumbprint)] for the deletion verification stage of the script."

                    [string[]]$RemovedCertificateThumbprints += $Cert.Thumbprint
                }
                Catch {
                    Write-Warning -Message ('{0}' -f $_.Exception.Message)

                    #  If we failed to remove the certificate, then the DCM is 'Not Compliant'
                    [string]$DCM_Compliance_Status = 'Not Compliant'
                }
            }

            #  Reset the state of the X509Certificate2 object
            $null = $Cert.Reset()
        }
        Catch {
            Write-Warning -Message ('{0}' -f $_.Exception.Message)
            [string]$DCM_Compliance_Status = 'Not Compliant'
            Continue
        }
    }
}
Catch {
    Write-Warning -Message ('{0}' -f $_.Exception.Message)

    [string]$DCM_Compliance_Status = 'Not Compliant'
    Write-Output -InputObject ($DCM_Compliance_Status)
    Exit
}
Finally {
    Try {
        If ($MyLocalMachineCertificates) {
            $null = $MyLocalMachineCertificates.Reset()
        }
        If ($IsCertStoreOpen) {
            $null = $MyLocalMachineCertStore.Close()
        }
    }
    Catch { }
}

Write-Verbose -Message '_______________________________________________________________'
Write-Verbose -Message '_______________________________________________________________'

## Verify that the certificates we wanted to delete have been deleted from the certificate store by filtering for those matching the thumbprint of the deleted certificate
If ($RemovedCertificateThumbprints) {
    Write-Verbose -Message 'Certificates with the matching specified criteria were discovered on this machine. Executing steps to verify that matching certificates were deleted.'

    Try {
        ## Open the specified certificate store
        [boolean]$IsCertStoreOpen = $false
        Write-Verbose -Message "Open the certificate store [$CertStoreName]."
        [System.Security.Cryptography.X509Certificates.X509Store]$MyLocalMachineCertStore = Get-Item -Path $CertStoreName -ErrorAction 'Stop'
        [boolean]$IsCertStoreOpen = $true

        ## Open the certificate store in Ready Only mode so that we can verify if targeted certificates were deleted.
        Write-Verbose -Message "Open the certificate store [$CertStoreName] in [ReadOnly] mode."
        $MyLocalMachineCertStore.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)

        ## Get list of certificates in certificate store
        Write-Verbose -Message "Get the list of certificates in the certificate store."
        [System.Security.Cryptography.X509Certificates.X509Certificate2[]]$MyLocalMachineCertificates = $MyLocalMachineCertStore.Certificates

        ## Verify that matching certificates were deleted from the certificate store
        ForEach ($RemovedCertThumbprint in $RemovedCertificateThumbprints) {
            Try {
                If ($MyLocalMachineCertificates.Thumbprint -contains $RemovedCertThumbprint) {
                    Write-Warning -Message "Certificate with thumbprint [$RemovedCertThumbprint] was not successfully deleted from certificate store [$CertStoreName]."
                    #  We failed to remove the certificate from the certificate store. The machine is not compliant.
                    [string]$DCM_Compliance_Status = 'Not Compliant'
                }
                Else {
                    Write-Verbose -Message "Certificate with thumbprint [$RemovedCertThumbprint] was successfully deleted from certificate store [$CertStoreName]."
                }
            }
            Catch {
                Write-Warning -Message ('{0}' -f $_.Exception.Message)
                [string]$DCM_Compliance_Status = 'Not Compliant'
                Continue
            }
        }
    }
    Catch {
        Write-Warning -Message ('{0}' -f $_.Exception.Message)
        [string]$DCM_Compliance_Status = 'Not Compliant'
    }
    Finally {
        Try {
            If ($MyLocalMachineCertificates) {
                $null = $MyLocalMachineCertificates.Reset()
            }
            If ($IsCertStoreOpen) {
                $null = $MyLocalMachineCertStore.Close()
            }
        }
        Catch { }
    }
}
Else {
    Write-Verbose -Message "No 802.1x UniCERT certificates were discovered in the certificate store [$CertStoreName] on this machine. Skipping steps to verify that appropriate certificates were deleted."
}


## Write out the compliance status
Write-Output -InputObject ($DCM_Compliance_Status)

Related Questions in POWERSHELL

Related Questions in POWERSHELL-4.0

Related Questions in POWERSHELL-PROVIDER

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json

Popular Questions

.

Copyright © 2021 Jogjafile Inc.