-
Notifications
You must be signed in to change notification settings - Fork 30
/
Copy pathGet-CertificatePermissions.ps1
41 lines (33 loc) · 1.4 KB
/
Get-CertificatePermissions.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
<#
.SYNOPSIS
Returns the permissions of a certificate's private key file.
.INPUTS
System.Security.Cryptography.X509Certificates.X509Certificate2 to display permissions for.
.OUTPUTS
System.Security.AccessControl.FileSecurity describing the security on the cert's private key file.
.LINK
Find-Certificate.ps1
.LINK
Get-Acl
.EXAMPLE
Get-CertificatePermissions.ps1 -Certificate $cert
Returns the permissions for the certificate in $cert.
.EXAMPLE
Find-Certificate.ps1 -FindValue ExampleCert -FindType FindBySubjectName -StoreName TrustedPeople -StoreLocation LocalMachine |Get-CertificatePermissions
Returns the permissions for the certificate.
.EXAMPLE
$c = Find-Certificate.ps1 ExampleCert FindBySubjectName TrustedPeople LocalMachine ; Get-CertificatePermissions.ps1 $c
Another approach to get cert permissions.
#>
#Requires -Version 3
[CmdletBinding()][OutputType([Security.AccessControl.FileSecurity])] Param(
# The certificate to display permissions for.
[Parameter(Position=0,Mandatory=$true,ValueFromPipeline=$true)]
[System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
)
Begin{try{Get-Command Get-Acl -CommandType Cmdlet -ErrorAction Ignore |Out-Null}catch{throw 'The Get-Acl command is missing.'}}
Process
{
$path = Get-CertificatePath.ps1 $Certificate
if($path -and (Test-Path $path -PathType Leaf)) {Get-Acl $path |ForEach-Object Access}
}