Forum Discussion

Cole_McDonald's avatar
Icon for Professor rankProfessor
5 years ago

winCertCheck DS comes deactivated...

POSH Code looks sound on it, but troubleshooting shows it will only grab the cert info from the collectors as it's testing the current hostname against the collector name to see if they match, the hostname is being gathered from where the script is running, which is always the Collector... so it will always only return info on the collectors as the if/then never fails to the second state.


I'm fixing this in our environment after figuring out the correct sequence of tests to verify local or remote run for the invoke-command.

4 Replies

Replies have been turned off for this discussion
  • ##SYSTEM.COLLECTOR## looks promising.  It's a true/false value indicating whether or not the current device is a collector.

  • Here's the change I made to the 2 scripts in the DS:

    # if ($hostname -eq $collectorName){ #!!! CTM 20190807
    if ("##system.collector##" -eq "true"){

    First line is the original statement in the scripts commented out (and tagged with my initials and the date of change for auditing later)

    This does grab the collectors correctly, but the non-collectors still don't quite work, but this is where I'm going with it... back to troubleshooting.

    The payload of the scripts does work directly from the collector, so it should be a sound method of collecting this data.

    $server      = "servername_to_test_goes_here"
    $scriptBlock = {
       Get-ChildItem Cert:\LocalMachine\My, Cert:\LocalMachine\AuthRoot, Cert:\LocalMachine\Root `
       | Select-Object {$_.Thumbprint + "##" + $_.Thumbprint + "##" + $_.Subject + $_.FriendlyName} `
       | Format-Table -HideTableHeaders
    Invoke-Command -ComputerName $server -ScriptBlock $scriptBlock


  • Working now... the WMI.user and .pass were causing some grief and we don't currently use them specifically, so I commented them out temporarily and it started working (Thank you Yussuf!)

  • The data gather portion wasn't gathering any data...  Corrected the scope of the $wildValue inside the $ScriptBlock to:


    $wildValue is a local variable to the collector and wasn't getting passed into the invoke-command at all... so nothing was matching.