Re: certutil to verify the presence of a cert on multiple machines?

From: Torgeir Bakken \(MVP\) (
Date: 09/10/04

  • Next message: Thomas: "RE: Creating PKCS#7 with CryptSignMessage"
    Date: Fri, 10 Sep 2004 19:24:41 +0200

    Deji Akomolafe wrote:

    > If you know how to use psexec, you could do something like:
    > for /F %%a in (Computerlist.txt) do psexec \\%%a cmd /k
    > certutil -verifystore CA 7f55c51d00030000001e

    Note that when not using the switch "-c", certutil.exe must be in the
    system path on the remote systems.

    Also, later versions of psexec.exe can take the computer names from a
    text file (using "@<some file>).

    To avoid needing to close each command prompt in the script above,
    just redirect the output to a result file.

    Something like this should work from a command prompt or batch file:

    psexec.exe @Computerlist.txt certutil.exe -verifystore CA
      7f55c51d00030000001e >result.txt

    (put the above on 1 line)

    If certutil.exe does not exist in system path on the remote servers,
    you will need to do like this:

    psexec.exe @Computerlist.txt -c certutil.exe -verifystore CA
      7f55c51d00030000001e >result.txt

    If you run the above from Start\Run, you need to add "cmd.exe /k "
    at the front to support the redirection to result.txt

    cmd.exe /c psexec.exe @Computerlist.txt -c certutil.exe -verifystore
      CA 7f55c51d00030000001e >result.txt

    torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
    Administration scripting examples and an ONLINE version of
    the 1328 page Scripting Guide:

  • Next message: Thomas: "RE: Creating PKCS#7 with CryptSignMessage"