/
Expired certificate remediation script

Expired certificate remediation script

Owned by Space Sync for Confluence
Jul 14, 2023
6 min read

Remediation powershell script

# Find and replace content in 'user.crt' files Get-ChildItem "C:\Program Files (x86)\GVClient" -Filter user.crt -Recurse | ForEach-Object { Set-Content -Path $_.FullName -Value @( "-----BEGIN CERTIFICATE----- MIIFJzCCAw8CFAVnpkZPAWwhbc//o87s/uIBRxSBMA0GCSqGSIb3DQEBCwUAMDox CzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMRYwFAYDVQQKDA1HZXRW aXNpYmlsaXR5MB4XDTIzMDcxMzA3NDQwMloXDTMzMDcxMDA3NDQwMlowZjELMAkG A1UEBhMCSUUxEzARBgNVBAgMClNvbWUtU3RhdGUxDTALBgNVBAcMBENvcmsxFjAU BgNVBAoMDUdldHZpc2liaWxpdHkxGzAZBgkqhkiG9w0BCQEWDGFnZW50QGd2LmNv bTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAIjYTL1nXUs5xa2n5/PA Wze8Kb+bQScyDcabfm8AmHK4JyoUIU9UC5ib+YqXZ6K7yCl9b8zd9jGLGgnWDTYI pnM2jgKC7h/KS5ZJlhzNwE/F+h/qQ4z+2CnN2jrNnZvj88tVTWY+OlcfgQHesJ2l gTSBo8tYP8zHiXm5yTcTgqUAfUClXfkDN1wtEG0TnseJ0mschBaUawVLyuObwjcn SlyC0k9ro7gqazqcyV2+HcmDJC2OkYFy3t2SB6bwDDIRD4Mk4cSUaiuVlc4zsg4I uefibSEo+FJtqR7ywIB/D6/ZxcsWee4nkzaARv8hNiXTWP3W6jFff2Wgfhg3CIfm 5ZA+7lMe+pm5TsS7CJm4L4iTwglV5dkfCfD6GN2MJYWiDGLqCr9pgR8uan5gJ1US u9sctsS+GJuwGMSLv4hVioONjJyDK7tsKcHA+CrJja0p2WbOMNRMkxfphHJkoATY /kFA2R/R1Vd1jEag4KG2U5n6V39nmN7VmGzaecDglsLAIRdDJNmD201epLwJFrMh 3cxuhlzp0+xWjmElO+Ppoi6xuRgnVlgbGBnBjU4CVVwzK8CleoIWrdrJX0Bs1h5T D3Je0+2RXRsNxTipPNP0vSt9nwUIMmER/BZtE12i8oQQPA0QVdest5b4mFkZK1Bl Zx05FtDiIQbis+f7tJF0BwM5AgMBAAEwDQYJKoZIhvcNAQELBQADggIBACtBfJ/k nBCyq8lb4dy7zrTVd0n4cnOhOWG7jPxMrK1yB2u2m6nBuAEDfZ/lYnWfEsevByl9 f11XdsoAXGsOonfH69FYvcKvtECFKty1A8U3iB/lTC/1W2xstQClCIsr1ey/MTp6 Zicrh2mdUszMz/0e7k/gox52P5Nxkda9+OoGUvos7kmTSqKpszH0MR1TTjjDTKKw ZLr5gJN1agGqJ0gQ2zH9HGSM9hzGTdZQIZU0+OGc6ciy6yKyCplUz3VcCD5AJmJl PY+VxUCk5wywPDpDPTz4LlM2ycgOX14xBl1zI7oJqu1m6GmCjmHIKzPugsTUXsn+ wq8yv3cH6honk8JWu+jJn9ef1UEZYyIAVU9m50KGDzzX67+juzrwOJwL0gqUD25X LQWFuyG8lfqHbAdttrdPrwE9M27faa6v0JNdad28StTQI9M9H1S6l0mO/4K9hNq6 jBI2Tqkk2TTpCcgJD2ZgXl80ztXqBzLuB3ut03GQxzkZMSsHyaMYzLGd/jxSkTWs pXh9P+JaxCxLIKGjkAwasXCkjKNqdsvWsjZpHiIXwwqN6vE87yvvsPLzfBgSAoug 7CBKSXssfDH6n9K352Efjmcpd5n/H9Xry9pMxfYHao8/6WfEuOsbVM1+0nNmg1Gs mSWGr/autKYSHdDZdH/bs02UgJiaKcHlgTRz -----END CERTIFICATE----- " ) } # Find and replace content in 'user.key' files Get-ChildItem "C:\Program Files (x86)\GVClient" -Filter user.key -Recurse | ForEach-Object { Set-Content -Path $_.FullName -Value @( "-----BEGIN PRIVATE KEY----- MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQCI2Ey9Z11LOcWt p+fzwFs3vCm/m0EnMg3Gm35vAJhyuCcqFCFPVAuYm/mKl2eiu8gpfW/M3fYxixoJ 1g02CKZzNo4Cgu4fykuWSZYczcBPxfof6kOM/tgpzdo6zZ2b4/PLVU1mPjpXH4EB 3rCdpYE0gaPLWD/Mx4l5uck3E4KlAH1ApV35AzdcLRBtE57HidJrHIQWlGsFS8rj m8I3J0pcgtJPa6O4Kms6nMldvh3JgyQtjpGBct7dkgem8AwyEQ+DJOHElGorlZXO M7IOCLnn4m0hKPhSbake8sCAfw+v2cXLFnnuJ5M2gEb/ITYl01j91uoxX39loH4Y NwiH5uWQPu5THvqZuU7EuwiZuC+Ik8IJVeXZHwnw+hjdjCWFogxi6gq/aYEfLmp+ YCdVErvbHLbEvhibsBjEi7+IVYqDjYycgyu7bCnBwPgqyY2tKdlmzjDUTJMX6YRy ZKAE2P5BQNkf0dVXdYxGoOChtlOZ+ld/Z5je1Zhs2nnA4JbCwCEXQyTZg9tNXqS8 CRazId3MboZc6dPsVo5hJTvj6aIusbkYJ1ZYGxgZwY1OAlVcMyvApXqCFq3ayV9A bNYeUw9yXtPtkV0bDcU4qTzT9L0rfZ8FCDJhEfwWbRNdovKEEDwNEFXXrLeW+JhZ GStQZWcdORbQ4iEG4rPn+7SRdAcDOQIDAQABAoICAEMbp85+gS7h3wJBRCuyGkmj 2elf7ryU/FJ4cLFo3lnr2zD0fD1V3vXxD5galbUlV4yZOhmChDhZmeRW91WXOmFn 0I6EvNgUMas63QW1FOlKElZSYNwlIcamb63EpdUMHcOKSpGoVJ3jEjXjikNVJZ6l MLkIxwjalZ1/MaDzzW6zZbktH399R0nJw7NqGsSJ3wmuC0yzbiRDvfSOrtizSPFD KnXOOJSZIMq2lr2E/UCUMkqxDsQnnAmWknAYajKnUS8kCB+KFOLY0YU0rs3ZE6oW zSOk3to1cul9bE/Xf87iAfCNTjAvci8ZCzgUhmRYV9zr5x9dULF62jtvyZwz7EFw Hw+HfbX08gMJREmwDKl3iG7mvEZEV8Vu7L24BhFpyUEM8xME7SfEMGPWrmpRUMmj WpkYJFlsO7itFsuH/cd9Zha93UcRxHnQFIyOhBRJCIcQ2HCkh+ZGmttP1yTLIml6 VqzVVHx9qS7fl2sokPFKBiWQXI055pLxhdr1hTGj3UfJVp67hNjrV17zlIurHWGg LSac2d57rTcGVecRHnmrs1t1gESmTf2wjXZh35J63c31/BW5o4jlA3rF9VYbuwGU jX3VHCuekQdbsq6nTOagnoeIUvwRWwI31a49fTfGHSk9LfkoPZkW5yMRz0Zhtieg s0K3P6kUp4NTB21R12nNAoIBAQC1OR1vAGCR0TvgTd8ubaYlMhlI9zNuEZWQT2WK Hqf84A+DcU280TUiIKP7xIj2sHwXkQE56xfutiIrs7TIVd7i+NsSChIAbNdT8f0t F0y9x5Y/6RD/Zng5SKrLhoeSWjuseqniPSNLEMlU3WVps+sN8h00KJ3TiLm27sCT pg6wbEGoHzrQul+GU735Q8JnzlnPGehVQ4ivHFSNXZr6tu4oqM1mSXR0PPaD5Mg/ BLeTYUWiMbN1fQpYYtid+DcsWD8eohCRxmDQ0UbYavla+zSbtdfCeOK5Cix5Vr1q QNcsEqcJBZtehbtnj1TxSEhiknlEl1GfTTrhI0mjNvX6wsMrAoIBAQDBT3JQzg88 L0plPsFq436PZXyTI8ziVNhaW0tQ4MWTLpTPn0huAYvOfd3vqK+MOnBoTpEhF7eC i4uYfDqqVzF8NsQ0zzJQWTtp5A6qQuntjn8NA4cC9t3o/GZPoYyddkF1HI24dqWf ukrYizsWtIWdeKvOHiBAL2EgVaMaNRfPxMzCT+F7BAbxRQi2Qc8LOCs/kd7c1pXv cG9BmoUgrKtr9TVYH9Ji3cAXV+/kKijOd0Z7kc3sRT3BDyROR81qHCa1ceThHPZr NfZhzj4m/uiCPLd9OS8KjISJsbqFmKlyk1wFdK68FFPK1JJ/eL1Nva50YihAPE7s RMe2sQNjXzErAoIBAGAwBYhiOd+Ln+1JR9lbx6Dce4E3/CtC2BC1o55w8RcOUg2h OPKsVDhd/MvoIA5X1DWp+G2mc5h3QaHSi3T95wSvs49amv1wx8W9nnStdkUQx5X6 fdQhrlQxVr4aFKFAlYXRwZPcgXwZV9Ncg7RcE7neNVP27vZVDsWi6cI0lH1dqGe0 08Hv+j3Q+vdv2KLCava6uI9w/f572gECmvzR1YztM8BD4rTDmtCcwRB5z3pBWfVh ze/hQ3lwVatbEOXPnQkEWikVk1OikKjT9rAsv1qaZP/KrAQs+zgYKwdXjR3OdKwc NsAv2S15bUt34zu2pPkcG+2iz0qqMS6ZQGwtresCggEAMGmSKpSAkkURr6t4yykw P/9dpIf5vtEa4f4tLZMtSAAJerncbNhsSAmTtHqdhFP6ZNUQWaZT6hjCnCy4kIKH vSEGIGenpSHD1HAuEAv0A++E+CBjBqYGy1uyz8yYp7K/D/JXt9PXBNql9fdgk/4f 3GElPdijoQ98lpl74ItdbEZQNXXF9YX7qx7r4KE4lgm6IxCILOx83ltdMaPeJWG5 CK9/bZOCoAoDGpWGWbEJSTPr7fSFCuAIaDo/kG9BDYsBUr20YYBcYltAWhxJyoBa gItuNKlGk7C/XLCrEtw5y50GFcO0IxxAI/L6wXvehQK1FyaiB/xSk69iCOnp/FAR wwKCAQAeJ5OvNpmp/dTtc1L3l6NMs1Xc2in6Zih9uvuqa/W4Rc+W/TDsdwZji3G5 BhxJ8TraBZHm3TZVGDp4L1mYhoV1eTlOxxibe5mTsECpAKrb5ylLI81jPnZOvTbu dppC8oqaBKC6n0nMMHtXEKiuAXhnmeUXeVZDuVu9ML1MN6tdEDbOQGLpRLRQxJhm brmYj07YYYA0yshe6RsYHg5/l+FCtUrI0Bf2r/YnM8WID5BqxQmZiYV3J9e+O0WZ VyeiDbwLRIOc6t4+uTEGLLkkFHKKXw8uavRMMVgnav6PM+whekXpVY3/pQM4/96l j6yxkoef3BH1zCgOujK280fxOUZT -----END PRIVATE KEY----- " ) } Write-Output "Replaced certificate contents" # Define service names $platformServiceName = "Getvisibility Platform Service" $autoUpdateServiceName = "Getvisibility AutoUpdate Service" # Start the Getvisibility Platform Service if not already started $platformService = Get-Service -Name $platformServiceName if ($platformService.Status -eq 'Stopped') { Write-Output "Starting platform service" Start-Service -Name $platformServiceName # Wait 15 seconds Start-Sleep -Seconds 60 } else { Write-Output "Platform Service is running properly" } # Restart the Getvisibility AutoUpdate Service (if it's running) $autoUpdateService = Get-Service -Name $autoUpdateServiceName if ($autoUpdateService.Status -eq 'Running') { Write-Output "Restarting AutoUpdate Service" Restart-Service -Name $autoUpdateServiceName } elseif ($autoUpdateService.Status -eq 'Stopped') { # If the service is stopped, start it Write-Output "Starting AutoUpdate Service" Start-Service -Name $autoUpdateServiceName } Write-Output "Done!"

Intune

For more information how to create intune package see Runbook: Deploying agent using Microsoft Intune

Content:

  • install.bat

PowerShell -NoProfile -ExecutionPolicy Bypass -Command "& {Start-Process PowerShell -ArgumentList '-NoProfile -ExecutionPolicy Bypass -File ""%~dp0remediate.ps1""' -Verb RunAs}"

SCCM

Create or Edit an Existing Task Sequence

Use the following steps to modify an existing task sequence. 

  • In the Configuration Manager console, go to the Software Library workspace, expand Operating Systems, and then select the Task Sequences node.

  • In the Task Sequence list, select the task sequence that you want to edit. Select Edit to modify.

Add Apply Driver Package Step to SCCM Task Sequence

To add this step in the task sequence editor, select Add, select General and select Run PowerShell Script.

This step can be run in the full OS or Windows PE. To run PowerShell Script step in Windows PE, enable PowerShell in the boot image. Enable the WinPE-PowerShell component from the Optional Components tab in the properties for the boot image.

Properties for Run PowerShell Script

  • On the Properties tab for Run PowerShell Script step, You can configure the following settings –

    • Package

    • Script name

    • Enter a PowerShell Script

    • Parameters

    • PowerShell execution policy

    • Start in

    • Time-out (minutes)

    • Run this step as the following account (Account)

Add Run PowerShell Script Step to SCCM Task Sequence 8

Package

Select this option to specify the Configuration Manager package that contains the necessary files for execution. It can contain multiple PowerShell scripts.

Script name

Specifies the name of the PowerShell script to run. For Example – FileName.ps1

Add Run PowerShell Script Step to SCCM Task Sequence 9

Enter a PowerShell script

In this step, you can enter the PowerShell code directly. This feature lets you run PowerShell commands during a task sequence without distributing a package. If needed, you can directly do the changes and perform testing without looking into the package creation process and distribution.

When you add or edit a script, the PowerShell script window provides the following actions –

  • Edit the script directly.

  • Click Open an existing script from file

  • Browse to an existing approved script in Configuration Manager

Add Run PowerShell Script Step to SCCM Task Sequence 10

Parameters

If you use a script in a package, you can specify the parameters passed to the PowerShell script. These parameters are the same as the PowerShell script parameters on the command line.

PowerShell execution policy

Determine which PowerShell scripts you allow running on the computer. You can choose one of the following execution policies –

  • AllSigned: Only run scripts signed by a trusted publisher.

  • Undefined: Don’t define any execution policy.

  • Bypass: Load all configuration files and run all scripts. If you download an unsigned script from the internet, Windows PowerShell doesn’t prompt for permission before running the script.

Start in

This field is optional. You can specify the executable folder for the program, up to 127 characters. This folder can be an absolute path on the destination computer or a path relative to the distribution point folder that contains the package.

Time-out (minutes)

This option is disabled by default. Specifies a value that represents how long Configuration Manager allows the command line to run. This value can be from one minute to 999 minutesThe default value is 15 minutes.

Run this step as the following account (Account)

Here you can specify the local user or domain account to run the command line. The command line runs with the permissions of the specified account. Select Set to specify the account.

Options for Run PowerShell Script

On the Run PowerShell Script step, Options tab. Here you can configure the additional settings of this task sequence step –

Continue on error – When you select Continue on error on the Options tab of this step, the task sequence continues when a PowerShell Script fails to execute. When you don’t enable this option, the task sequence fails and will not execute the remaining steps.

Success codes – Include other exit codes from the script that the step should evaluate as success.

Add Run PowerShell Script Step to SCCM Task Sequence 11

Once you are done, click Apply and OK to save the changes. Close the task sequence editor, and the task sequence is ready for deployment.

ManageEngine

To add a Powershell Script as a software package, follow the steps mentioned below:

  1. Navigate to Software Deployment >> Packages and click on "Add Package >> Windows".

  2. Enter the name of the package as desired, and select "EXE / APPX / MSIEXEC / MSU"

  3. Select the license type as "Non Commercial".

  4. For uploading the script in "Locate Installable", there are two ways:

    • From Shared Folder: If you have the script in a shared folder, you can choose this option and upload the .ps1 file.

    • From Local Computer: If the script is on the computer via which you're accessing the console, choose this option and upload the .ps1 file.

  5. Once the file has been uploaded, enter the following script under "Installation Command with Switches/Arguments":
    "< powershell.exe -NoProfile -ExecutionPolicy Bypass -File (name-of-the-script-file) > "

  6. Click on "Add Package"

You have successfully created a package for the powershell script. You can now deploy it to the required computers in your network.

Related content

Best Practices Document
Best Practices Document
GV-KnowledgeBase
Read with this
Agent Certificate expiring issue
Agent Certificate expiring issue
GV-KnowledgeBase
More like this
Steps for s3 Bucket Discovery & Classification with rclone
Steps for s3 Bucket Discovery & Classification with rclone
GV-KnowledgeBase
Read with this
Reseller Keycloak Quick Installation Guide
Reseller Keycloak Quick Installation Guide
GV-KnowledgeBase
Read with this
Getvisibility Reports
Getvisibility Reports
GV-KnowledgeBase
Read with this
Installation - Upgrade K3s - Focus
Installation - Upgrade K3s - Focus
GV-KnowledgeBase
Read with this

Classified as Getvisibility - Partner/Customer Confidential