Re: certutil to verify the presence of a cert on multiple machines?

From: Torgeir Bakken \(MVP\) (
Date: 09/10/04

Date: Fri, 10 Sep 2004 19:24:41 +0200

Deji Akomolafe wrote:

> If you know how to use psexec, you could do something like:
> for /F %%a in (Computerlist.txt) do psexec \\%%a cmd /k
> certutil -verifystore CA 7f55c51d00030000001e

Note that when not using the switch "-c", certutil.exe must be in the
system path on the remote systems.

Also, later versions of psexec.exe can take the computer names from a
text file (using "@<some file>).

To avoid needing to close each command prompt in the script above,
just redirect the output to a result file.

Something like this should work from a command prompt or batch file:

psexec.exe @Computerlist.txt certutil.exe -verifystore CA
  7f55c51d00030000001e >result.txt

(put the above on 1 line)

If certutil.exe does not exist in system path on the remote servers,
you will need to do like this:

psexec.exe @Computerlist.txt -c certutil.exe -verifystore CA
  7f55c51d00030000001e >result.txt

If you run the above from Start\Run, you need to add "cmd.exe /k "
at the front to support the redirection to result.txt

cmd.exe /c psexec.exe @Computerlist.txt -c certutil.exe -verifystore
  CA 7f55c51d00030000001e >result.txt

torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide: