You could use a Configuration Item + Baseline to build something that does this, depending on what you're looking for exactly. It's not ideal, but possible.

With the WFH I've hacked a PowerShell script together to check if the SCCM Client cert on the system is about to expire.

    $Compliance = 'Compliant'
    # Must match the certificate template name on your certificate server
    $templateName = 'SCCM Client Certificate'
    # Certificates in the machine store issued from that template that expire within 24 days
    $Check = Get-ChildItem 'Cert:\LocalMachine\My' |
        Where-Object { $_.Extensions | Where-Object { ($_.Oid.FriendlyName -eq 'Certificate Template Information') -and ($_.Format(0) -match $templateName) } } |
        Where-Object { $_.NotAfter -le (Get-Date).AddDays(24) }
    If ($Check) { $Compliance = 'NonCompliant' }
    # The returned string is what the compliance rule evaluates
    $Compliance

I've got the Data type set as a string and Compliance Rule to Equal "Compliant".

In the above case we're checking on days of validity left; you can change it as you like of course, and make sure to match the TemplateName to your actual template name for the cert from your certificate server.

We've deployed this on our workstations and put all clients marked non-compliant in a collection twice a day, and based on that give our end-users some "attention" to connect to the VPN and get their cert renewed. Preferably we wouldn't be in this situation and we would have all the machines Azure AD joined so that with the CMG, client cert authentication wasn't needed, but for now alas it still is (but not for long anymore).

Hope it helps or at least gives you a start to build what you need?!

Edited by kevinnns
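
A variant of the check in the post above, added here as an example and not the poster's own script: it matches the template extension by OID rather than by friendly name (which can differ between Windows display languages), and it reports Compliant only when at least one usable certificate from the template is valid beyond the threshold, so a machine with no certificate at all, or with a renewed certificate sitting beside an old one, is classified correctly. The template name and the 24-day threshold are taken from the post; the helper name Test-TemplateCert is introduced for illustration.

```powershell
# Added example (not the original poster's script).
$templateName  = 'SCCM Client Certificate'   # assumption: set to your CA template name
$thresholdDays = 24                          # days of validity that must remain

function Test-TemplateCert {
    # Hypothetical helper: true if the certificate was issued from the named template.
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [string]$Name
    )
    # OID of the "Certificate Template Information" extension
    $templateOid = '1.3.6.1.4.1.311.21.7'
    foreach ($ext in $Cert.Extensions) {
        if ($ext.Oid.Value -eq $templateOid -and
            $ext.Format($false) -match [regex]::Escape($Name)) {
            return $true
        }
    }
    return $false
}

$now    = Get-Date
$cutoff = $now.AddDays($thresholdDays)

# Every certificate in the machine store that came from the template
$candidates = @(Get-ChildItem 'Cert:\LocalMachine\My' |
    Where-Object { Test-TemplateCert -Cert $_ -Name $templateName })

# Usable = has a private key, is already valid, and does not expire before the cutoff
$healthy = @($candidates | Where-Object {
    $_.HasPrivateKey -and $_.NotBefore -le $now -and $_.NotAfter -gt $cutoff
})

# Single string output for the Configuration Item compliance rule
if ($healthy.Count -gt 0) { 'Compliant' } else { 'NonCompliant' }
```

The Configuration Item settings from the post apply unchanged: data type String, compliance rule Equals "Compliant".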
