0

I am trying to use a script to remove smart card certificates in the personal certificate store. I am aware of how to do this manually through internet options however I would like to use a script to remove the certificates from the store automatically on logoff (I know how to run logoff scripts).

I found an answer from Ƭᴇcʜιᴇ007, and this script works, but not for all current and newer certificates from 2024 (this post is from 2015). I have attempted to understand how these certs work but it eludes me.

How can this script from Ƭᴇcʜιᴇ007 be modified to make this script work with newer certificates?

jaytheman221
  • 1

1 Answers1

-1

What Techie007 does is to remove certs that are intended for smartcard logon (open certmgr.msc and look at the column "intended purposes", SmartCard Logon equals "(1.3.6.1.4.1.311.20.2.2)").

So on your smartcard, there seem to be additional certificates that DON't have that intended purpose, but maybe instead they have for example "secure email", which equals (1.3.6.1.5.5.7.3.4).

So whatever certs you had or have on your card that have copied to the my store and should be deleted need to be identified, for example by type of intended purpose and then you simply expand techie007's script accordingly. The numbers are found inside the certificate's attribute "enhanced key usage".

Bernd Schwanenmeister
  • 462