So, I'm trying to develop an agent-less environment management tool. The tool would essentially checklist a group of servers for specific settings that you could specify and it will either simply just report back the results, or make modifications (if allowed to).

I've been able to figure out how to do much of this remotely, but have yet to figure out a way to see which certificates are installed and active on a machine remotely. I'm just looking for basic certificate information like name, thumbprint, expiration date, and cert-chain validity.

Anyone know of a way to do this using C# or some other method, like WMI? My attempts to find related information on the internet have been abysmal.

+1  A: 

Well, one way to do this is with a very lightweight "pseudo" agent. You can connect to the admin$ share or some other share of the machine and run a process remotely. Of course, you have to authenticate, just like with WMI and all of that. This is how things like Dameware or corporate antivirus tools, etc, install applications to remote machines without using Active Directory and so forth. You can use something like psexec or roll your own remote execution method. The executable you would run would just be something lightweight that gathers the information, assuming you already know how to get this information locally, and then reports back to your server. You could achieve that easily by having it accept arguments about where your server is, or whatever method you prefer.

BobbyShaftoe
That's what I was afraid of, but doing the thin client is probably the only real way without installing an agent onto the box. Thanks for the input!
invenetix
My solution was setting PowerShell policy to remote-signed for the domain and then pushing the script out to all the machines. The script writes directly into an MSMQ of the centralized auditing server. Then had the auditing service check the queue for input and process it as needed. Over 16 months since I asked, but thought I'd add the comment if others run across the issue. Remote enumeration of certificates using .NET is not possible unless the application is run locally on the targeted server.
invenetix
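As an added example (not code from the question, the answer, or any tool named above), here is what the lightweight gathering executable the answer describes could look like in C#. It runs locally on the target (launched via psexec or a similar remote-execution method), reads the LocalMachine\My store by default, validates each certificate's chain, and prints one CSV row per certificate to stdout for the central server to capture. The store arguments, the CSV layout, and the choice of offline revocation checking are assumptions made for this example, not anything the thread specifies.

```csharp
// Added example, not from the original post. Minimal local certificate inventory
// intended to be launched remotely (e.g. by psexec) and have its stdout collected.
// Assumptions: optional args[0] = "LocalMachine" | "CurrentUser", args[1] = store name.
using System;
using System.Security.Cryptography.X509Certificates;

class CertInventory
{
    static void Main(string[] args)
    {
        StoreLocation location = StoreLocation.LocalMachine;
        if (args.Length > 0 && args[0].Equals("CurrentUser", StringComparison.OrdinalIgnoreCase))
            location = StoreLocation.CurrentUser;
        string storeName = args.Length > 1 ? args[1] : "My";

        X509Store store = new X509Store(storeName, location);
        try
        {
            // Read-only, and fail rather than silently create a missing store
            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
            Console.WriteLine("Host,Store,Subject,Thumbprint,NotAfter,ChainValid,ChainStatus");
            foreach (X509Certificate2 cert in store.Certificates)
            {
                bool valid;
                string status;
                ValidateChain(cert, out valid, out status);
                Console.WriteLine(string.Join(",", new string[] {
                    Environment.MachineName,
                    location + "\\" + storeName,
                    Quote(cert.Subject),
                    cert.Thumbprint,
                    cert.NotAfter.ToUniversalTime().ToString("o"),
                    valid.ToString(),
                    Quote(status) }));
            }
        }
        finally
        {
            store.Close();
        }
    }

    // Builds the chain with the machine's own trust store; reports why it failed if it did
    static void ValidateChain(X509Certificate2 cert, out bool valid, out string status)
    {
        X509Chain chain = new X509Chain();
        // Assumption: offline (cached CRL) revocation so an isolated server doesn't stall on network fetches
        chain.ChainPolicy.RevocationMode = X509RevocationMode.Offline;
        chain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
        valid = chain.Build(cert);
        if (valid)
        {
            status = "OK";
        }
        else
        {
            string[] reasons = new string[chain.ChainStatus.Length];
            for (int i = 0; i < reasons.Length; i++)
                reasons[i] = chain.ChainStatus[i].Status.ToString();
            status = string.Join(";", reasons);
        }
    }

    // CSV-quote a field so subjects containing commas stay in one column
    static string Quote(string s)
    {
        return "\"" + s.Replace("\"", "\"\"") + "\"";
    }
}
```

The executable only reads the store, so it can run under an account limited to the target; the thumbprint and NotAfter columns give the auditing server what it needs to flag expiring or untrusted certificates without transferring private key material.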