Wednesday, February 12, 2025


Solved- How to find certificates that are expiring within the next 30 days on Windows Server PowerShell Script

 

SSL certificates play a crucial role in ensuring secure communication between servers and clients. However, if they aren't properly managed and renewed before expiration, it can lead to downtime or security risks. Fortunately, Windows Server administrators can easily monitor SSL certificate expiration dates using PowerShell, allowing them to proactively renew certificates and avoid disruptions.

In this blog, we’ll walk you through how to use PowerShell to identify certificates expiring within the next 30 days on a Windows Server, providing you with a script that can help streamline this process.

Why Monitor Expiring Certificates?

An expired certificate can cause various issues, including:

  • Service Disruption: Websites and applications relying on SSL/TLS certificates might stop functioning securely.
  • Security Risks: Expired certificates can make encrypted connections vulnerable, leaving data exposed.
  • Trust Issues: Visitors to your website might see security warnings, eroding trust in your brand.

By regularly monitoring your certificates, you ensure that your systems remain secure and reliable.

PowerShell Script to Find Expiring Certificates

PowerShell makes it easy to automate the task of checking for expiring certificates on your Windows Server. With the following script, you can quickly identify certificates expiring in the next 30 days.

PowerShell Script:

# Define the number of days to check for expiring certificates
$daysToCheck = 30

# Get the current date and time
$currentTime = Get-Date

# Calculate the expiration date threshold
$expirationThreshold = $currentTime.AddDays($daysToCheck)

# Get all certificates from the personal store of the local machine
$certificates = Get-ChildItem -Path Cert:\LocalMachine\My

# Filter the certificates to only include those that expire before the threshold
# (this also catches certificates that have already expired, which need attention too)
$expiringCertificates = $certificates | Where-Object {$_.NotAfter -lt $expirationThreshold}

# Display the expiring certificates ($null goes on the left so a result set is not
# treated as an array filter by the comparison operator)
if ($null -ne $expiringCertificates) {
  Write-Host "Certificates Expiring in the Next $daysToCheck Days:"
  foreach ($cert in $expiringCertificates) {
    Write-Host "Subject: $($cert.Subject)"
    Write-Host "Expiration Date: $($cert.NotAfter)"
    Write-Host "Thumbprint: $($cert.Thumbprint)"
    Write-Host "----------------------------------------"
  }
} else {
  Write-Host "No certificates are expiring in the next $daysToCheck days."
}

 

The script first defines the threshold in days ($daysToCheck = 30) and derives the cut-off date from it; change the value to suit your renewal lead time.
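The script above only prints text from the My store. As an added example that is not part of the original post, the function below scans several LocalMachine stores (the store list and the DaysRemaining/Expired fields are this example's own choices), separates already-expired from soon-to-expire certificates, and returns objects that can be sorted, exported or used as a scheduled-task check.

```powershell
# Added example, not from the original post: certificate expiry report across several stores.
function Get-ExpiringCertificate {
    [CmdletBinding()]
    param(
        [int]$DaysToCheck = 30,
        # Stores to scan; WebHosting is where IIS often places its certificates (assumed defaults)
        [string[]]$StorePath = @('Cert:\LocalMachine\My', 'Cert:\LocalMachine\WebHosting'),
        # Also report certificates whose NotAfter is already in the past
        [switch]$IncludeExpired
    )
    $now       = Get-Date
    $threshold = $now.AddDays($DaysToCheck)

    foreach ($path in $StorePath) {
        # Not every server has every store; skip the ones that do not exist
        if (-not (Test-Path -Path $path)) { continue }

        Get-ChildItem -Path $path |
            Where-Object { $_.NotAfter -lt $threshold -and ($IncludeExpired -or $_.NotAfter -ge $now) } |
            ForEach-Object {
                [PSCustomObject]@{
                    Store         = $path
                    Subject       = $_.Subject
                    Issuer        = $_.Issuer
                    NotAfter      = $_.NotAfter
                    DaysRemaining = [math]::Floor(($_.NotAfter - $now).TotalDays)   # negative when expired
                    Expired       = ($_.NotAfter -lt $now)
                    HasPrivateKey = $_.HasPrivateKey      # a server cert without a key cannot serve TLS
                    Thumbprint    = $_.Thumbprint
                }
            }
    }
}

# Usage: table on screen, CSV for the renewal ticket, non-zero exit code for a scheduled task
$report = Get-ExpiringCertificate -DaysToCheck 30 -IncludeExpired | Sort-Object NotAfter
$report | Format-Table Store, Subject, NotAfter, DaysRemaining, Expired -AutoSize
$report | Export-Csv -Path "$env:TEMP\expiring-certs.csv" -NoTypeInformation
# When run as a scheduled task, a failed run in the task history signals that action is needed
if ($report) { exit 1 }
```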


Solved- How to find certificates in IIS that are expiring within the next 30 days

 

To find certificates in IIS that are expiring within the next 30 days, you can use PowerShell to automate the process. Run the following command in an elevated PowerShell window.

 

This script retrieves all certificates stored in the Local Machine's "My" store and filters those expiring within the next 30 days. It displays the certificate subject and expiration date, helping administrators take proactive renewal actions. Regularly running this check can prevent service disruptions due to expired SSL certificates.

 

 

Import-Module WebAdministration   # provides Get-Website and Get-WebBinding

function Get-IISSiteCertificates {
    $iisSites = Get-Website
    $assignedCerts = @()

    foreach ($site in $iisSites) {
        $bindings = Get-WebBinding -Name $site.Name
        foreach ($binding in $bindings) {
            if ($binding.protocol -eq "https") {
                # WebAdministration exposes the thumbprint as certificateHash and the
                # store as certificateStoreName (IIS may use WebHosting instead of My)
                $certThumbprint = $binding.certificateHash
                $storeName = if ($binding.certificateStoreName) { $binding.certificateStoreName } else { "My" }
                $cert = $null
                # Guard against an empty hash: "Cert:\LocalMachine\My\" would list the whole store
                if ($certThumbprint) {
                    $cert = Get-Item -Path "Cert:\LocalMachine\$storeName\$certThumbprint" -ErrorAction SilentlyContinue
                }
                if ($cert) {
                    $assignedCerts += [PSCustomObject]@{
                        SiteName        = $site.Name
                        CertificateName = $cert.FriendlyName
                        ExpirationDate  = $cert.NotAfter
                        CertificateThumbprint = $cert.Thumbprint
                    }
                }
            }
        }
    }

    $assignedCerts | Format-Table
}

# Example usage:
Get-IISSiteCertificates


OR

You can also try the script below.

 

Import-Module WebAdministration   # provides Get-WebBinding

function Get-IISSiteCertificates {
    $httpsBindings = Get-WebBinding | Where-Object {$_.protocol -eq "https"}

    foreach ($binding in $httpsBindings) {
        # Binding objects carry no site name; it is embedded in ItemXPath as @name='...'
        $siteName = [regex]::Match($binding.ItemXPath, "@name='([^']+)'").Groups[1].Value
        $certThumbprint = $binding.certificateHash
        $storeName = if ($binding.certificateStoreName) { $binding.certificateStoreName } else { "My" }

        Write-Host "Certificate for site: $siteName"
        Write-Host "Certificate Thumbprint: $certThumbprint"

        $cert = $null
        if ($certThumbprint) {
            $cert = Get-Item -Path "Cert:\LocalMachine\$storeName\$certThumbprint" -ErrorAction SilentlyContinue
        }
        if ($cert) {
            Write-Host "Certificate Name: $($cert.FriendlyName)"
            Write-Host "Expiration Date: $($cert.NotAfter)"
        }

        Write-Host "----------------------------------------"
    }
}

# Example usage:
Get-IISSiteCertificates
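Neither script above applies the 30-day filter from the title. As an added example that is not part of the original post, the function below joins every HTTPS binding to its certificate (using the WebAdministration property names certificateHash and certificateStoreName) and flags bindings whose certificate expires within the threshold or cannot be found at all; the output field names are this example's own.

```powershell
# Added example, not from the original post: IIS HTTPS bindings that need certificate attention.
Import-Module WebAdministration   # IIS 7.5 or later

function Get-IISExpiringBinding {
    param([int]$DaysToCheck = 30)
    $now       = Get-Date
    $threshold = $now.AddDays($DaysToCheck)

    foreach ($site in Get-Website) {
        foreach ($binding in (Get-WebBinding -Name $site.Name -Protocol https)) {
            $thumb = $binding.certificateHash
            # IIS records the store on the binding; older bindings leave it empty, meaning My
            $store = if ($binding.certificateStoreName) { $binding.certificateStoreName } else { 'My' }
            $cert  = $null
            if ($thumb) {
                $cert = Get-Item -Path "Cert:\LocalMachine\$store\$thumb" -ErrorAction SilentlyContinue
            }
            [PSCustomObject]@{
                Site          = $site.Name
                Binding       = $binding.bindingInformation   # ip:port:hostheader
                Store         = $store
                Thumbprint    = $thumb
                Subject       = if ($cert) { $cert.Subject } else { '<certificate not found>' }
                NotAfter      = if ($cert) { $cert.NotAfter } else { $null }
                DaysRemaining = if ($cert) { [math]::Floor(($cert.NotAfter - $now).TotalDays) } else { $null }
                # A binding whose certificate is missing from the store is broken and needs action too
                NeedsAction   = (-not $cert) -or ($cert.NotAfter -lt $threshold)
            }
        }
    }
}

# Usage: only the bindings an administrator has to deal with in the next 30 days
Get-IISExpiringBinding -DaysToCheck 30 | Where-Object NeedsAction | Format-Table -AutoSize
```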

 



Wednesday, January 8, 2025


Solved- Mounted Disk is not Visible in PowerShell


 

Recently I faced an issue with a mounted disk in PowerShell.

1. I was able to access the mounted disk if I opened a normal PowerShell window.

2. But when I tried to access the mounted drive from an elevated PowerShell window, I received the error below.

Set-Location : Cannot find drive. A drive with the name 'Z' does not exist.


At line:1 char:1
+ Set-Location $MyInvocation.MyCommand.Name
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (Z:String) [Set-Location], DriveNotFoundException
    + FullyQualifiedErrorId : DriveNotFound,Microsoft.PowerShell.Commands.SetLocationCommand


Then, after playing around, I found the solution below.

1. Unmount the mounted disk from Windows Explorer or PowerShell.

2. Open PowerShell in elevated mode (Run as Administrator) and then mount the disk.

New-PSDrive -Name "Z" -Root "\\Santosh101.file.core.windows.com\downloads" -PSProvider "FileSystem" -Persist





Monday, February 19, 2024


How to unlock TFS/DevOps files and delete a workspace without TFS Sidekicks?

Team Foundation Sidekicks is a very good tool for Microsoft Team Foundation Server administrators; it provides a graphical user interface for administrative and advanced version-control tasks in multi-user TFS environments. However, Team Foundation Sidekicks is no longer updated: the last release was for Team Foundation Server 2015. TFS Sidekicks was a really useful tool that helped administrators delete workspaces and remove file locks remotely.

The commands below are very helpful for administrators who need to delete a workspace or unlock checked-out DevOps files remotely.

1. Go to the Visual Studio directory under Program Files and run the command below to list the workspaces a user owns. In this example you can see this user has two workspaces.


C:\Program Files (x86)\Microsoft Visual Studio\2019\Professional\Common7\IDE\CommonExtensions\Microsoft\TeamFoundation\Team Explorer>tf workspaces /owner:jason.roy /collection:https://devops.azurehowtos.com/MyCollection/

Workspace      Owner               Computer     Comment
-------------- ------------------- ------------ -----------------------------------------------------------------------
MyWork         Roy,Jason           RedBull-2023
MyWork-1       Roy,Jason           RedBull-2023

Once you run the above command you will see the workspace name, the owner of the workspace and the computer name.

 

2. If you want to delete a workspace, simply run the command below.

 

C:\Program Files (x86)\Microsoft Visual Studio\2019\Professional\Common7\IDE\CommonExtensions\Microsoft\TeamFoundation\Team Explorer>tf workspace /delete /collection:https://devops.azurehowtos.com/MyCollection/Redbull-2023;jason.roy
A deleted workspace cannot be recovered.
Workspace 'MyWork;Jason.Roy' on server 'https://devops.azurehowtos.com/MyCollection/' has 49 pending change(s).
Are you sure you want to delete the workspace? (Yes/No) Yes

Type Yes and press Enter, and the workspace will be deleted. This option is really useful if you want to delete the workspaces of employees who have left the company and are no longer working on the projects.

 

3. If, instead of deleting the workspace, you only want to unlock a specific file, you can run the command below.

 

tf undo $/MyCollection/Santy/Files/rptMem.rpt /workspace:"Redbull-2023";azurehowtos\jason.roy /s:https://devops.azurehowtos.com/MyCollection/

 

OR

 

tf lock /lock:none $/MyCollection/Santy/Files/rptMem.rpt /workspace:"Redbull-2023";azurehowtos\jason.roy /s:https://devops.azurehowtos.com/MyCollection/

 

The difference between tf lock and tf undo in this case:

  • To delete pending changes in another user's workspace, use the tf undo command.
  • To remove an exclusive lock on a file but not the pending changes, use the tf lock command.

Wednesday, October 11, 2023


Step by Step Guide: How to find the source computer and application of a user account lockout

In today's post, I will discuss an easy way to find the source computer and application behind your account lockouts. Many end users save their password somewhere in services, applications and batch files and forget to update it after a password change. Keeping passwords in applications, scheduled tasks and Windows services is not a good practice. It is always recommended to use gMSA accounts for Windows services, or to use a dedicated service account for Windows services.


There are many reasons behind your Account Lockouts.


1. Services using your old login credentials
2. Applications using old login credentials
3. Network drives Mapped using expired Windows login credentials
4. Windows Scheduled Tasks using expired login password.

1. How to find the source computer name from the domain controller security events

 
When the administrator configures the domain controller, they configure the account lockout threshold, which locks a user account when anyone tries to use or hack it with the wrong password. This is very helpful for securing your login account and the company infrastructure. The threshold specifies the number of times a user can attempt to log in with wrong credentials before the account is locked out. Whenever your account gets locked out, the domain controller generates Event ID 4740. To find the source of the account lockout, log in to the domain controller and open Event Viewer -> Security events.

Then, in the right-hand pane, click Filter Current Log, type 4740 in the All Event IDs box and click OK to search for Event ID 4740.

A user account was locked out.

Subject:
    Security ID:        SYSTEM
    Account Name:        MY-AD$
    Account Domain:        AzureHowTos
    Logon ID:        0x007

Account That Was Locked Out:
    Security ID:        AzureHowTos\Azure
    Account Name:        Azure

Additional Information:
    Caller Computer Name:    PC-01 

As you can see above, my user account is locked out and the source is PC-01, so I need to check PC-01 and find out what is going on there.

2. How to find the application that is locking out my user account

It's easy to find the source computer, but Event ID 4740 does not show the application that is locking out your user account. There is one easy way to find that application.

1. Log in to the end user's (source) computer and open PowerShell ISE as an administrator.

2. Copy and paste the script below and run it. Note: replace PC-01 with the source computer name.

# Failed logons (Event ID 4625) in the Security log for the last 5 days
$filter = @{LogName = "Security"; Id = 4625; StartTime = (Get-Date).AddDays(-5)}

# -MaxEvents 1 returns only the most recent failure; raise it to see every failed attempt
$lockouts = Get-WinEvent -ComputerName PC-01 -FilterHashTable $filter -MaxEvents 1 -ErrorAction 0

# Properties[] positions follow the 4625 event schema: 5 = TargetUserName, 10 = LogonType,
# 11 = LogonProcessName, 18 = ProcessName
$lockouts | Select @{Name = "LockedUserName"; Expression = {$_.Properties[5].Value}}, `
@{Name = "LogonType"; Expression = {$_.Properties[10].Value}}, `
@{Name = "LogonProcessName"; Expression = {$_.Properties[11].Value}}, `
@{Name = "ProcessName"; Expression = {$_.Properties[18].Value}}


3. Here you can see that my user account was locked out by a Windows service. This helps you narrow down the issue and find the source application that is locking out your user account.
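The two steps above can be chained. As an added example that is not part of the original post, the function below reads the 4740 events on the domain controller to find the caller computer for a given user, then reads that computer's 4625 events and groups them by process and logon type; event fields are read from the event XML by name rather than by Properties[] index, and the function, helper and parameter names are this example's own (the sample call reuses the user and computer names from the event shown above).

```powershell
# Added example, not from the original post: trace a lockout from the DC to the source process.
function Get-EventField {
    # Read a named EventData field from the event XML (robust to schema position)
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Event, [string]$Name)
    $xml = [xml]$Event.ToXml()
    ($xml.Event.EventData.Data | Where-Object { $_.Name -eq $Name }).'#text'
}

function Trace-AccountLockout {
    param(
        [Parameter(Mandatory)][string]$UserName,
        [Parameter(Mandatory)][string]$DomainController,
        [int]$Days = 5
    )
    $since = (Get-Date).AddDays(-$Days)

    # Step 1: 4740 on the DC; the "Caller Computer Name" is stored in the TargetDomainName field
    $lockouts = Get-WinEvent -ComputerName $DomainController -ErrorAction SilentlyContinue `
        -FilterHashtable @{ LogName = 'Security'; Id = 4740; StartTime = $since } |
        Where-Object { (Get-EventField $_ 'TargetUserName') -eq $UserName }

    foreach ($lockout in $lockouts) {
        $source = Get-EventField $lockout 'TargetDomainName'
        Write-Host "$($lockout.TimeCreated): $UserName locked out, caller computer $source"

        # Step 2: 4625 on the caller computer, grouped by the process that presented the bad password
        Get-WinEvent -ComputerName $source -ErrorAction SilentlyContinue `
            -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } |
            Where-Object { (Get-EventField $_ 'TargetUserName') -eq $UserName } |
            ForEach-Object {
                [PSCustomObject]@{
                    Time        = $_.TimeCreated
                    LogonType   = Get-EventField $_ 'LogonType'        # e.g. 4 = batch/task, 5 = service
                    LogonProc   = Get-EventField $_ 'LogonProcessName'
                    ProcessName = Get-EventField $_ 'ProcessName'
                    Workstation = Get-EventField $_ 'WorkstationName'
                    IpAddress   = Get-EventField $_ 'IpAddress'
                }
            } |
            Group-Object ProcessName, LogonType | Sort-Object Count -Descending |
            Select-Object Count, Name, @{n = 'LastSeen'; e = { ($_.Group | Sort-Object Time)[-1].Time }}
    }
}

# Usage with the names from the event sample above (requires rights to read both Security logs)
Trace-AccountLockout -UserName 'Azure' -DomainController 'MY-AD'
```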

