Powershell. Loop through certificate store and remove cert based on thumbprint - powershell

I have a simple powershell script that runs via a GPO startup script.
As you can see, it takes a thumbprint and loops through the cert store and removes it if it finds it.
#thumbprint of certificate to remove
$thumb = "abcdef444444857694df5e45b68851868"
#loop through all the certs stores looking for $thumb and remove if found
get-childitem Cert:/ -recurse | where-object {$_.thumbprint -contains "$thumb"} | remove-item
When I run the above two lines from an elevated powershell prompt it works!
If I reboot my machine and let the GPO do its thing, OR if I run the below from an elevated PowerShell prompt:
powershell.exe -Noninteractive -ExecutionPolicy Bypass -Noprofile -file "\\mydomain.corp\SysVol\mydomain.corp\Policies\{7086C68E-D509-9169-A02B-56579826C234}\Machine\Scripts\Startup\removecerts.ps1"
Then I get the following:
remove-item : The operation is on user root store and UI is not allowed.
Any help would be appreciated.

I suspect it's prompting for confirmation, which it can't when running headless.
Adding the -Force parameter should override the confirmation prompt:
... | Remove-Item -Force
Alternatively, set the $ConfirmPreference variable to None before attempting to remove the certificates to avoid the prompt:
$ConfirmPreference = 'None'
<# rest of script goes here #>

Script now looks like this:
$ConfirmPreference = 'None'
#thumbprint of certificate to remove
$thumb = "abcdef444444857694df5e45b68851868"
#loop through all the certs stores looking for $thumb and remove if found
get-childitem Cert:/ -recurse | where-object {$_.thumbprint -contains "$thumb"} | remove-item -Force
And my error:
remove-item : The operation is on user root store and UI is not allowed.
At \\mydomain.corp\SysVol\mydomain.corp\Policies\{7086C68E-D509-9169-A02B-56579826C234}\Machine\Scripts\Startup\removecerts.ps1:16 char:88
+ ... {$_.thumbprint -match "$thumb"} | remove-item -Force
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Remove-Item], InvalidOperationException
+ FullyQualifiedErrorId : System.InvalidOperationException,Microsoft.PowerShell.Commands.RemoveItemCommand
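An added example, not the thread's script: removing a certificate by thumbprint from a computer startup script without ever touching a user Root store. Windows requires an interactive confirmation dialog before a certificate is deleted from a user's Root store (Cert:\CurrentUser\Root), and a -NonInteractive process, or a GPO startup script running as SYSTEM with no desktop, cannot show it; that is the condition the "user root store and UI is not allowed" error reports. Remove-Item -Force only suppresses PowerShell's own confirmation, so it does not help. Recursing from Cert:\ walks that store; searching only under Cert:\LocalMachine avoids it, and a machine startup script should only be acting on machine stores anyway. The thumbprint default is the thread's placeholder and the script name in the usage line is an assumption.

```powershell
# Added example (not from the thread): remove one certificate by thumbprint
# from the machine stores of the computer running a GPO startup script.
param(
    # Placeholder thumbprint copied from the question; substitute the real one
    # (a SHA-1 thumbprint is 40 hex characters). GPO's "Script Parameters"
    # field can also pass it as -Thumbprint <value>.
    [ValidatePattern('^[0-9A-Fa-f]+$')]
    [string]$Thumbprint = 'abcdef444444857694df5e45b68851868',

    # Search machine-wide stores only. Cert:\ -Recurse also walks
    # Cert:\CurrentUser\Root, and Windows insists on an interactive
    # confirmation dialog before a user Root store is modified, which a
    # -NonInteractive startup script cannot show.
    [string]$StoreRoot = 'Cert:\LocalMachine',

    # Report matches without deleting them.
    [switch]$DryRun
)

$ErrorActionPreference = 'Stop'
$wanted = $Thumbprint.ToUpperInvariant()

# X509Certificate2.Thumbprint is upper-case hex, so compare with -eq after
# normalising: -match would treat the value as a regular expression, and
# -contains against a scalar string is just an obscure equality test.
$found = Get-ChildItem -Path $StoreRoot -Recurse |
    Where-Object { -not $_.PSIsContainer -and $_.Thumbprint -eq $wanted }

if (-not $found) {
    Write-Output "No certificate with thumbprint $wanted under $StoreRoot"
    exit 0
}

foreach ($cert in $found) {
    # PSParentPath looks like "...\Certificate::LocalMachine\Root"; keep the
    # store part for the log line.
    $store = $cert.PSParentPath -replace '^.*::'
    Write-Output ("Found {0} in {1}: {2}" -f $wanted, $store, $cert.Subject)
    if ($DryRun) {
        Write-Output "  (dry run, not removed)"
        continue
    }
    try {
        # -Force suppresses PowerShell's own confirmation for the provider
        # item; it cannot answer the Windows dialog for CurrentUser\Root,
        # hence the store scoping above.
        Remove-Item -Path $cert.PSPath -Force
        Write-Output "  removed"
    } catch {
        Write-Output ("  FAILED: {0}" -f $_.Exception.Message)
        exit 1
    }
}
exit 0

# Usage from an elevated prompt, file name assumed:
#   powershell.exe -NonInteractive -NoProfile -ExecutionPolicy Bypass -File .\removecerts.ps1 -DryRun
#   powershell.exe -NonInteractive -NoProfile -ExecutionPolicy Bypass -File .\removecerts.ps1
```

Run it once with -DryRun from the same non-interactive command line the GPO uses, so the store the certificate actually lives in shows up in the output before anything is deleted; a non-zero exit code on failure also makes the startup-script result visible in the GPO logging rather than silently succeeding.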

Related

how to delete a folder using invoke command in powershell

First time asking a question here after using it for a long time.
I'm currently making a PowerShell script to delete user data once users have been gone from the company for a month.
I already tried deleting the folder using the normal Remove-Item, and this works; however, this is a very slow process when going over the network.
I then found out about the Invoke-Command function, which can run on a remote computer.
Now I can't seem to get this working.
I keep getting the error that the path is not found.
However, it seems like PowerShell is changing my path.
How can I prevent this from happening?
Cannot find path 'C:\Users\admcia\Documents\P$\PERSONAL\JOBA' because it does not exist.
+ CategoryInfo : ObjectNotFound: (C:\Users\admcia...$\PERSONAL\JOBA:String) [Remove-Item], ItemNotFoundException
+ FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.RemoveItemCommand
+ PSComputerName : ODNDATA
My code is the following:
Note that P$ is the local drive letter on the server.
Also note that $item.SamAccountName is used for creating the folder name (we use SamAccountName as the name of the user's folder).
$localPath1 = "P$" + "\PERSONAL\" + $item.SamAccountName
$serverName = "Remotecompter"
Invoke-Command -ComputerName $serverName -ScriptBlock { Remove-Item $using:localPath1 -Force -Recurse -Confirm:$false }
If as seen from your local machine, the drive is \\Remotecomputer\P$\, then for the remote computer (where the code is executed) the path is just P:\.
To combine strings into a path, I would suggest you use the Join-Path cmdlet rather than concatenating the strings with '+'.
Try
$localPath1 = Join-Path -Path 'P:\PERSONAL' -ChildPath $item.SamAccountName
$serverName = "Remotecompter"
Invoke-Command -ComputerName $serverName -ScriptBlock { Remove-Item $using:localPath1 -Force -Recurse -Confirm:$false }
You can use -ArgumentList in Invoke-Command:
Invoke-Command -ComputerName $serverName -ScriptBlock {
    param($localPath1)
    Remove-Item $localPath1 -Force -Recurse -Confirm:$false
} -ArgumentList $localPath1
Make sure your path is correct, and if it does not work, try to hardcode the path in your code.
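An added example, not code from the thread: the path translation the answers describe, done as a function, plus the checks a practitioner wants before a remote recursive delete. The script block runs on the file server under the connecting account's identity, so it sees the drive as P:\ while the caller sees \\server\P$\; the function converts the admin-share path to the local one instead of hand-building it. The account name comes from AD, but it is still validated before it becomes part of a path, the target is checked with -LiteralPath (so a name containing [ or ] is not treated as a wildcard), and -WhatIf gives a preview. The server and share names in the usage lines are assumptions.

```powershell
# Added example (not from the thread): delete a departed user's folder on a
# file server by running Remove-Item on that server, translating the
# administrative-share path into the local drive path the remote session sees.

function ConvertTo-RemoteLocalPath {
    # \\ODNDATA\P$\PERSONAL\joba  ->  server ODNDATA, local path P:\PERSONAL\joba
    param([Parameter(Mandatory = $true)][string]$UncPath)

    if ($UncPath -match '^\\\\(?<server>[^\\]+)\\(?<drive>[A-Za-z])\$(?<rest>\\.*)?$') {
        $rest = if ($Matches['rest']) { $Matches['rest'] } else { '\' }
        return [pscustomobject]@{
            Server    = $Matches['server']
            LocalPath = ('{0}:{1}' -f $Matches['drive'].ToUpper(), $rest)
        }
    }
    throw "Not an administrative-share path (\\server\X$\...): $UncPath"
}

function Remove-UserFolderRemotely {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$ShareRoot,       # e.g. \\ODNDATA\P$\PERSONAL
        [Parameter(Mandatory = $true)][string]$SamAccountName
    )

    # sAMAccountName values come from AD, but refuse anything that could walk
    # out of the root (.., path separators, wildcards) before it reaches Remove-Item.
    if ($SamAccountName -notmatch '^[A-Za-z0-9._-]+$' -or $SamAccountName -match '^\.+$') {
        throw "Refusing suspicious account name: '$SamAccountName'"
    }

    $target = ConvertTo-RemoteLocalPath -UncPath (Join-Path -Path $ShareRoot -ChildPath $SamAccountName)

    if ($PSCmdlet.ShouldProcess("$($target.Server) $($target.LocalPath)", 'Remove-Item -Recurse')) {
        Invoke-Command -ComputerName $target.Server -ScriptBlock {
            param($path)
            if (-not (Test-Path -LiteralPath $path -PathType Container)) {
                Write-Warning "$($env:COMPUTERNAME): $path does not exist, nothing to do"
                return
            }
            # -LiteralPath: the folder name is data, never a wildcard pattern
            Remove-Item -LiteralPath $path -Recurse -Force -Confirm:$false
            "$($env:COMPUTERNAME): removed $path"
        } -ArgumentList $target.LocalPath
    }
}

# Usage (server and share are assumptions): preview first, then delete.
# Remove-UserFolderRemotely -ShareRoot '\\ODNDATA\P$\PERSONAL' -SamAccountName 'joba' -WhatIf
# Remove-UserFolderRemotely -ShareRoot '\\ODNDATA\P$\PERSONAL' -SamAccountName 'joba'
```

Passing the local path with -ArgumentList (or $using:) keeps the value fixed on the caller's side; the remote script block only ever receives a string, so nothing on the server can change which folder is deleted.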

Powershell v2 files deletion error Cannot convert the "LastWriteTime"

OS : Windows 2008 R2 64bit
I am trying to delete all txt files older then X days using powershell using below CMD
PS C:\temp> POWERSHELL -COMMAND "Get-ChildItem c:\temp -Recurse -Include *.txt | Where LastWriteTime -lt (Get-Date).AddDays(-10) | Remove-Item -Force"
But getting following error
Where-Object : Cannot bind parameter 'FilterScript'. Cannot convert the "LastWriteTime" value of type "System.String" to type "System.Management.Automation.ScriptBlock".
At line:1 char:54
+ Get-ChildItem c:\temp -Recurse -Include *.txt | Where <<<< LastWriteTime -lt (Get-Date).AddDays(-10) | Remove-Item -Force
+ CategoryInfo : InvalidArgument: (:) [Where-Object], ParameterBindingException
+ FullyQualifiedErrorId : CannotConvertArgumentNoMessage,Microsoft.PowerShell.Commands.WhereObjectCommand
PS version:
PS C:\temp> $PSVersionTable.PSVersion
Major Minor Build Revision
----- ----- ----- --------
2 0 -1 -1
Howto sort it?
You can use PowerShell directly to execute as much code, as many .ps1 files and as many functions as you choose in a single run. No need for separate code runs, and you don't need cmd.exe for that, though you can use it if you choose to.
Since PowerShell is doing the work anyway, and the code is PowerShell code (assuming here), just put it in a single .ps1 file and run it directly:
# Contents of SomeName.ps1 file
# PowerShell 2.0: Where-Object only accepts a script block; the bare
# "Where LastWriteTime -lt ..." comparison form is 3.0+ syntax.
Get-ChildItem -Path c:\temp -Recurse -Include *.txt |
    Where-Object { $_.LastWriteTime -lt (Get-Date).AddDays(-10) } |
    Remove-Item -Force
powershell -File .\SomeName.ps1
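An added example, not the thread's code: the same age-based cleanup written for PowerShell 2.0 (the question's version), where Where-Object needs a script block and $_, together with the guards a practitioner adds before a recursive delete: the root must exist and must not be a drive root or the Windows directory, directories that happen to match *.txt are skipped (-Include matches containers as well as files), and a -DryRun switch lists what would go. The file name and the C:\temp default are assumptions taken from the question.

```powershell
# Added example (not from the thread): Remove-StaleFiles.ps1 for PowerShell 2.0.
param(
    [string]$Root = 'C:\temp',       # folder from the question; assumed default
    [int]$OlderThanDays = 10,
    [string]$Filter = '*.txt',
    [switch]$DryRun
)
$ErrorActionPreference = 'Stop'

if (-not (Test-Path -LiteralPath $Root -PathType Container)) {
    throw "Root folder not found: $Root"
}

# Refuse to run against a drive root or the Windows directory: -Recurse with
# a mistyped $Root is how cleanup scripts turn into outages.
$resolved = (Resolve-Path -LiteralPath $Root).ProviderPath.TrimEnd('\')
if ($resolved -match '^[A-Za-z]:$' -or $resolved -eq $env:SystemRoot.TrimEnd('\')) {
    throw "Refusing to clean $resolved"
}

$cutoff = (Get-Date).AddDays(-$OlderThanDays)

# 2.0 form: full script block with $_ . The "Where LastWriteTime -lt ..."
# comparison-statement syntax only exists from PowerShell 3.0 on.
# -Include also matches directories, so drop containers explicitly.
$stale = Get-ChildItem -Path $Root -Recurse -Include $Filter -Force |
    Where-Object { -not $_.PSIsContainer -and $_.LastWriteTime -lt $cutoff }

foreach ($file in $stale) {
    if ($DryRun) {
        Write-Output ("would delete {0} (last written {1:yyyy-MM-dd})" -f $file.FullName, $file.LastWriteTime)
    } else {
        Remove-Item -LiteralPath $file.FullName -Force
        Write-Output ("deleted {0}" -f $file.FullName)
    }
}
Write-Output ("{0} file(s) matched" -f @($stale).Count)

# Usage:
#   powershell.exe -File .\Remove-StaleFiles.ps1 -DryRun
#   powershell.exe -File .\Remove-StaleFiles.ps1 -Root C:\temp -OlderThanDays 10
```

Running it as a file with -File also sidesteps the quoting problems of -Command, where cmd.exe and PowerShell both get a chance to interpret the same line.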

Cannot figure out why my Powershell script is getting permission errors

I cannot figure out why I'm getting permission errors, even though I'm running the script as a Domain Admin, which is in the full control group on the files/folders I'm trying to delete. UAC is not enabled on the PC the script is running from. I get the same errors whether or not I use Enter-PSSession to the file server itself.
It's got to be how I approached the solution... I've tried other scripts that I'm not experienced enough to edit; they used a try/catch method with Get-WmiObject and then the .Delete() command, and that script worked great, with no permission problems. It deletes profiles like a charm, and that's with the same credentials as my homemade script. So I really feel it's not a true credential problem, and more to do with a shortcoming of the way I'm using the Remove-Item cmdlet.
Here is my script. It's my first homemade, not copy/pasted script, so feel free to point out the obvious bad practices. The script is below, and the errors follow it. The way I wrote this script was to try each individual command separately, then tie them together, which may be why some of it is redundant.
## This process deletes ntuser.dat files and user profile folders
$users = (Read-Host "Enter each user (separate with comma)").Split(',') | ForEach-Object { $_.Trim() }
foreach ($user in $users) {
    $datfile = "ntuser.dat"
    $servers = Get-Content C:\servers.txt
    $path1 = "\\fileserver\d$\TSEProfiles\$user.DOMAIN"
    $path2 = "\\fileserver\d$\TSEProfiles\$user.DOMAIN.V2"
    # separate variables for the roaming profile locations, so the tests
    # below delete from the folder they just checked
    $path3 = "\\fileserver\d$\roamingprofiles\$user.DOMAIN"
    $path4 = "\\fileserver\d$\roamingprofiles\$user.DOMAIN.V2"
    ## Checks for ntuser.dat file in specified folders, if true, delete.
    ## Checking 4 locations on fileserver
    if (Test-Path "$path1\$datfile") {
        Remove-Item "$path1\$datfile" -Recurse -Force
    }
    if (Test-Path "$path2\$datfile") {
        Remove-Item "$path2\$datfile" -Recurse -Force
    }
    if (Test-Path "$path3\$datfile") {
        Remove-Item "$path3\$datfile" -Recurse -Force
    }
    if (Test-Path "$path4\$datfile") {
        Remove-Item "$path4\$datfile" -Recurse -Force
    }
    ## Checking 8 locations, if true, delete.
    foreach ($server in $servers) {
        if (Test-Path "\\$server\c$\users\$user" -PathType Container) {
            Remove-Item "\\$server\c$\users\$user" -Recurse -Force
        }
    }
}
Remove-Item : Access to the path '\\APPS3\c$\users\realdomainuser\AppData\Local\Application Data' is denied.
At C:\Users\admin\Documents\zoink.ps1:35 char:2
+ Remove-Item \\$server\c$\users\$user -recurse -force
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (\\APPS3\c$\users\realdomainuser:String) [Remove-Item], UnauthorizedAccessException
+ FullyQualifiedErrorId : RemoveItemUnauthorizedAccessError,Microsoft.PowerShell.Commands.RemoveItemCommand
Remove-Item : Access to the path '\\APPS4\c$\users\realdomainuser\AppData\Local\Application Data' is denied.
At C:\Users\admin\Documents\zoink.ps1:35 char:2
+ Remove-Item \\$server\c$\users\$user -recurse -force
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (\\APPS4\c$\users\realdomainuser:String) [Remove-Item], UnauthorizedAccessException
+ FullyQualifiedErrorId : RemoveItemUnauthorizedAccessError,Microsoft.PowerShell.Commands.RemoveItemCommand
django - This is the delete profile output after running the local machine policy script. Still getting auth errors.
Remove-Item : Access to the path '\\APPS7\c$\users\someuser\AppData\Local\Application Data' is denied.
At C:\Users\admin\Documents\zoink.ps1:35 char:2
+ Remove-Item \\$server\c$\users\$user -recurse -force
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (\\APPS7\c$\users\someuser:String) [Remove-Item], UnauthorizedAccessException
+ FullyQualifiedErrorId : RemoveItemUnauthorizedAccessError,Microsoft.PowerShell.Commands.RemoveItemCommand
I once was having issues running scripts due to permissions on some of our Citrix VMs that didn't have PowerShell scripts running; however, I was able to run bat files, so I created a PS script wrapped inside a bat file.
echo "Killing IE"
powershell -Command "stop-process -processname iexplore"
While it is nowhere near an elegant solution, it is an easy hack that serves its purpose.
Try running this script. This is an example of permanently setting your local machine policy for scripts:
# SetExecutionPolicyToRemoteSigned.ps1
Write-Output "Setting local Powershell policy to RemoteSigned"
Write-Output ""
Set-ExecutionPolicy -scope CurrentUser Undefined -Force
#Set-ExecutionPolicy -scope Process Undefined -Force
Set-ExecutionPolicy -scope LocalMachine Undefined -Force
Set-ExecutionPolicy -scope CurrentUser RemoteSigned -Force
#Set-ExecutionPolicy -scope Process RemoteSigned -Force
Set-ExecutionPolicy -scope LocalMachine RemoteSigned -Force
Write-Output "Finished."
Get-ExecutionPolicy -list
Start-Sleep -s 10
It will result in the following output:
PS C:\Users\qa> Get-ExecutionPolicy -list
Scope ExecutionPolicy
----- ---------------
MachinePolicy Undefined
UserPolicy Undefined
Process RemoteSigned
CurrentUser RemoteSigned
LocalMachine RemoteSigned
Then, you can just run a script like this one without a policy prompt. Best of all, the policy should survive rebooting your system :
# Filename: Hello.ps1
Write-Host
Write-Host 'Hello World!'
Write-Host "Good-bye World! `n"
# end of script
And another example of running a script:
powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -WindowStyle Hidden -File script_name
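An added example, not code from the thread, for the access-denied errors in the question rather than the execution-policy answers. The path in every error, \AppData\Local\Application Data, is one of the compatibility junctions Windows creates inside each profile on Vista and later, and those junctions carry a deny "list folder / read data" entry for Everyone; a recursive Remove-Item that walks into them fails there no matter how many admin groups the caller is in. The approach the poster saw working, Win32_UserProfile with .Delete(), asks Windows to remove the profile (folder, junctions and the ProfileList registry entry) itself, so it needs no traversal over the admin share. The example matches on the account's SID rather than on folder-name text, so user, user.DOMAIN and user.DOMAIN.001 cannot be confused, skips profiles that are currently loaded, and supports -WhatIf. The domain name default and the server list are assumptions.

```powershell
# Added example (not from the thread): remove a user's local profile on each
# server through Win32_UserProfile instead of deleting \\server\c$\users\<user>.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [Parameter(Mandatory = $true)][string]$SamAccountName,
    [Parameter(Mandatory = $true)][string[]]$Server,   # e.g. (Get-Content C:\servers.txt)
    [string]$Domain = $env:USERDOMAIN                  # assumed: the NetBIOS domain of the user
)

# Resolve the account to its SID so the match is exact; LocalPath text like
# C:\Users\<user> can collide with <user>.DOMAIN or <user>.DOMAIN.001.
$account = New-Object System.Security.Principal.NTAccount($Domain, $SamAccountName)
$sid = $account.Translate([System.Security.Principal.SecurityIdentifier]).Value

foreach ($s in $Server) {
    $profiles = Get-WmiObject -Class Win32_UserProfile -ComputerName $s -Filter "SID = '$sid'"
    if (-not $profiles) {
        Write-Verbose "${s}: no profile for $Domain\$SamAccountName"
        continue
    }
    foreach ($p in $profiles) {
        if ($p.Loaded) {
            # A loaded profile belongs to a logged-on session; deleting it
            # under the user would fail or corrupt it, so leave it alone.
            Write-Warning "${s}: profile $($p.LocalPath) is loaded (user logged on); skipping"
            continue
        }
        if ($PSCmdlet.ShouldProcess("$s $($p.LocalPath)", 'Delete user profile')) {
            try {
                # Win32_UserProfile.Delete removes the folder (junctions
                # included) and the ProfileList registry entry on that host.
                $p.Delete()
                Write-Output "${s}: deleted $($p.LocalPath)"
            } catch {
                Write-Error "${s}: $($_.Exception.Message)"
            }
        }
    }
}

# Usage (file name and inputs assumed):
#   .\Remove-UserProfile.ps1 -SamAccountName realdomainuser -Server (Get-Content C:\servers.txt) -WhatIf
#   .\Remove-UserProfile.ps1 -SamAccountName realdomainuser -Server APPS3,APPS4,APPS7
```

This needs WMI/DCOM access to each server as an administrator there, which is the same requirement the admin-share approach already had; what changes is that the deletion runs locally on the server, so the junction ACLs and the slow recursive walk over the network both disappear.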

Delete broken link

I need to delete all the content of a folder which may include broken links among others. The folder path is provided by a variable. Problem is that PowerShell fails to remove the broken links.
$folderPath = "C:\folder\"
Attempt 1:
Remove-Item -Force -Recurse -Path $folderPath
Fails with error:
Remove-Item : Could not find a part of the path 'C:\folder\brokenLink'.
At line:1 char:1
+ Remove-Item -Force -Recurse -Path $folderPath
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : WriteError: (C:\folder\brokenLink:String) [Remove-Item], DirectoryNot
FoundException
+ FullyQualifiedErrorId : RemoveItemIOError,Microsoft.PowerShell.Commands.RemoveItemCommand
Attempt 2:
Start-Job { cmd /c rmdir $folderPath }
Fails because $folderPath gets passed as is instead of its value:
Start-Job { cmd /c rmdir $folderPath } | select command
Command
-------
cmd /c rmdir $folderPath
Any suggestion besides using the .NET framework?
EDIT
By broken link I'm referring to a folder which points to a previously mounted partition, that doesn't exist anymore. The folder is still available but when attempting to navigate into it this error occurs because the destination doesn't exist anymore:
Error:
C:\folder\brokenLink refers to a location that is unavailable. It
could be on a hard drive on this computer, or on a network. Check to
make sure that the disk is properly inserted, or that you are
connected to the Internet or your network, and then try again. If it
still cannot be located, the information might have been moved to a
different location.
This will work:
$folderPath = "C:\folderContaingBrokenSymlinks\"
# List the top level only (-Force includes hidden entries). Recursing would
# try to enter each junction, which is exactly what fails on a dangling one.
foreach ($item in Get-ChildItem -LiteralPath $folderPath -Force) {
    if (([int]$item.Attributes -band [int][IO.FileAttributes]::ReparsePoint) -ne 0) {
        # rmdir/del remove the link itself and never look at its target,
        # so this also works when the target no longer exists
        if ($item.PSIsContainer) { cmd /c rmdir "$($item.FullName)" }
        else                     { cmd /c del "$($item.FullName)" }
    } else {
        Remove-Item -LiteralPath $item.FullName -Force -Recurse
    }
}
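An added example, not the answer's code: a function that empties a folder tree in which some entries are junctions or symbolic links, including ones whose target no longer exists. It walks the tree itself, one level at a time, and deletes every reparse point as a link with the non-recursive .NET Directory.Delete/File.Delete calls, which remove the link entry without opening its target; nothing outside the given folder is ever touched, which is the property you want before pointing a recursive delete at a directory that may contain links. It supports -WhatIf for a preview and refuses to operate if the starting folder is itself a reparse point. The C:\folder path in the usage lines is the question's.

```powershell
# Added example (not from the thread): empty a folder tree, treating every
# reparse point as a link to delete rather than a directory to enter.
function Clear-FolderTree {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([Parameter(Mandatory = $true)][string]$Path)

    $root = Get-Item -LiteralPath $Path -Force
    if (-not $root.PSIsContainer) { throw "$Path is not a directory" }
    if (([int]$root.Attributes -band [int][IO.FileAttributes]::ReparsePoint) -ne 0) {
        throw "$Path is itself a reparse point; refusing to clear its target"
    }

    # Non-recursive listing: a dangling junction is still a valid directory
    # entry here, it only fails when something tries to enumerate through it.
    foreach ($item in @(Get-ChildItem -LiteralPath $root.FullName -Force)) {
        $isLink = ([int]$item.Attributes -band [int][IO.FileAttributes]::ReparsePoint) -ne 0

        if ($isLink) {
            if ($PSCmdlet.ShouldProcess($item.FullName, 'Remove link (target untouched)')) {
                if ($item.PSIsContainer) {
                    # Directory.Delete without the recursive flag removes a
                    # junction or directory symlink itself, target untouched.
                    [IO.Directory]::Delete($item.FullName)
                } else {
                    [IO.File]::Delete($item.FullName)
                }
            }
        } elseif ($item.PSIsContainer) {
            # Real directory: clear it first, then remove the empty directory.
            Clear-FolderTree -Path $item.FullName
            if ($PSCmdlet.ShouldProcess($item.FullName, 'Remove empty directory')) {
                [IO.Directory]::Delete($item.FullName)
            }
        } else {
            if ($PSCmdlet.ShouldProcess($item.FullName, 'Remove file')) {
                $item.IsReadOnly = $false      # File.Delete fails on read-only files
                [IO.File]::Delete($item.FullName)
            }
        }
    }
}

# Usage (path from the question):
#   Clear-FolderTree -Path 'C:\folder' -WhatIf    # preview what would be removed
#   Clear-FolderTree -Path 'C:\folder'
```

The -WhatIf preview is worth running once on any folder you have not inspected: a junction that still resolves looks like an ordinary subfolder in Explorer, and the listing is the only place the "Remove link" versus "Remove empty directory" distinction is visible.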

Parsing Shortcuts in Powershell

I have some code which is trying to make a copy of a directory which contains shortcuts:
# Create a directory to store the files in
mkdir "D:\backup-temp\website.com files\"
# Search for shortcuts so that we can exclude them from the copy
$DirLinks = Get-ChildItem "\\web1\c$\Web Sites\website\" -Recurse | ? { $_.Attributes -like "*ReparsePoint*" } | % { $_.FullName }
# Execute the copy
cp -recurse -Exclude $DirLinks "\\web1\c$\Web Sites\website\*" "D:\backup-temp\website.com files\"
But when I execute the script I get the following error:
Copy-Item : The symbolic link cannot be followed because its type is disabled.
At C:\scripts\backup.ps1:16 char:3
+ cp <<<< -recurse "\\web1\c$\Web Sites\website\*" "D:\backup-temp\website.com files\"
+ CategoryInfo : NotSpecified: (:) [Copy-Item], IOException
+ FullyQualifiedErrorId :
System.IO.IOException,Microsoft.PowerShell.Commands.CopyItemCommand
It seems the script is getting hung up on a symbolic link (I'm assuming the shortcut) that I'm trying to exclude in the fourth line of the script.
How can I tell powershell to ignore/exclude shortcuts?
Thanks,
Brad
If you are on V3 or higher you can eliminate the reparse points like so:
Get-ChildItem "\\web1\c$\Web Sites\website" -Recurse -Attributes !ReparsePoint |
Copy-Item -Dest "D:\backup-temp\website.com files"
On V1/V2 you can do this:
Get-ChildItem "\\web1\c$\Web Sites\website" |
    Where { -not ([int]$_.Attributes -band [int][IO.FileAttributes]::ReparsePoint) } |
    Copy-Item -Dest "D:\backup-temp\website.com files" -Recurse
So it turns out that the issue I faced is explained in this Microsoft blog post:
http://blogs.msdn.com/b/junfeng/archive/2012/05/07/the-symbolic-link-cannot-be-followed-because-its-type-is-disabled.aspx
Essentially, on the server I am running the PowerShell script from, I needed to run the following command:
fsutil behavior set SymlinkEvaluation R2R:1
This allows remote-to-remote symbolic links. Once this is in place, the above PowerShell commands run as expected without errors.
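An added example, not code from the thread: a copy that skips every reparse point while keeping the directory layout, as an alternative to changing the machine's symlink policy. Two caveats on the thread's solutions: piping a recursive Get-ChildItem into Copy-Item -Destination drops the subfolder structure (every item lands directly in the destination), and `fsutil behavior set SymlinkEvaluation R2R:1` is a machine-wide setting. By default Windows evaluates local-to-local and local-to-remote links only (L2L:1, L2R:1, R2L:0, R2R:0); enabling R2R lets this host follow a link found on a remote share to wherever else on the network it points, so a backup job silently starts reading, and later restoring, content from a location the share's author chose. Checking the current policy with `fsutil behavior query SymlinkEvaluation` and not following links at all, as below, keeps the backup to what is physically in the share. The source and destination paths are the question's.

```powershell
# Added example (not from the thread): copy a directory tree, never entering
# or copying junctions and symbolic links, and report the ones left out.
function Copy-TreeWithoutLinks {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$Source,
        [Parameter(Mandatory = $true)][string]$Destination
    )

    $src = (Get-Item -LiteralPath $Source).FullName.TrimEnd('\')
    if (-not (Test-Path -LiteralPath $Destination)) {
        New-Item -ItemType Directory -Path $Destination | Out-Null
    }
    $skipped = @()

    # Walk one level at a time: a junction then shows up as an entry that can
    # be skipped, instead of being entered by -Recurse.
    $stack = New-Object System.Collections.Generic.Stack[string]
    $stack.Push($src)
    while ($stack.Count -gt 0) {
        $dir = $stack.Pop()
        foreach ($item in @(Get-ChildItem -LiteralPath $dir -Force)) {
            if (([int]$item.Attributes -band [int][IO.FileAttributes]::ReparsePoint) -ne 0) {
                $skipped += $item.FullName
                continue
            }
            # Rebuild the same relative path under the destination.
            $relative = $item.FullName.Substring($src.Length + 1)
            $target = Join-Path -Path $Destination -ChildPath $relative
            if ($item.PSIsContainer) {
                if (-not (Test-Path -LiteralPath $target)) {
                    New-Item -ItemType Directory -Path $target | Out-Null
                }
                $stack.Push($item.FullName)
            } elseif ($PSCmdlet.ShouldProcess($target, "Copy $($item.FullName)")) {
                Copy-Item -LiteralPath $item.FullName -Destination $target -Force
            }
        }
    }
    $skipped   # the links that were not copied, for the backup log
}

# Usage (paths from the question):
#   $links = Copy-TreeWithoutLinks -Source '\\web1\c$\Web Sites\website' -Destination 'D:\backup-temp\website.com files'
#   $links | Set-Content 'D:\backup-temp\skipped-links.txt'
```

Keeping the list of skipped links with the backup matters for restores: a web root that relied on a junction into another folder needs that junction recreated, which the copy deliberately did not reproduce.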