问题
I have been doing some research to see if there is a way to script this functionality and I cant seem to find where these certs are actually stored. I see the other articles on "deleting certificates from store", but I think these are causing me more confusion.
If I run a search like get-childitem -path cert:\CurrentUser, I don't see the Other People location. But, I am able to see the location in certmgr.msc. I have also checked the reg locations outlined here: https://technet.microsoft.com/en-us/library/cc783813(WS.10).aspx and can't seem to find the location either.
So, I guess my question is as follows:
- Can a script be built to go into this location and do a full clean-up?
- Where are these certs actually installed on the local system?
Thank you, and I apologize if this seems a little erratic. This has been making my head spin for almost two hours. Thanks.
回答1:
What you are looking for is the AddressBook directory of the CurrentUser store. Do a gci Cert:\CurrentUser\AddressBook and I bet you see the exact same certificates as you do in the 'Other People' section of certmgr.msc. If you do not want to keep any of those certificates deleting them all is as simple as:
Get-ChildItem Cert:\CurrentUser\AddressBook | Remove-Item
They will all be deleted if you do that, so please do so with caution. Just want to get rid of expired certificates? Add a where statement like this:
Get-ChildItem Cert:\CurrentUser\AddressBook | Where{$_.NotAfter -lt [datetime]::Now} | Remove-Item
That one would only remove expired certificates.
Anyway, you want Cert:\CurrentUser\AddressBook.
来源:https://stackoverflow.com/questions/34802019/deleting-certs-from-the-other-people-certificate-store