I already have a script that runs the removal tool for the eDellRoot certificate, but I was wondering if anyone has a way to detect the certificate. At the very least, a way to do it in the verify part of the removal script, so I can avoid running it on machines that do not have the cert. Ideally, I'd like to be able to do a custom inventory rule to actively monitor how many devices have the cert installed.

Answer Chosen by the Author

1
These two PowerShell commands will also give the output "Found Certificate" if the problem certs are found. You could output this with the hostname to a file to get a list of affected machines.

Get-ChildItem -Path cert:\LocalMachine\Root | Where-Object {$_.Subject -like "*eDellRoot*"} | ForEach-Object {Write-Host "Found Certificate"}

Get-ChildItem -Path cert:\LocalMachine\Root | Where-Object {$_.Subject -like "*DSDTestProvider*"} | ForEach-Object {Write-Host "Found Certificate"}
Answered 11/30/2015 by: ashlea
Blue Belt

  • I must've missed your answer here so I deleted my comment below! My solution was the same except the last pipe was to Out-File so I could import the text file as a CIR and generate a report.
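
The two one-liners from the chosen answer, combined into one detection-only script that writes a per-host result file of the kind the comment describes importing as a custom inventory rule (an added example, not code from the original posts). The output path, the semicolon-separated line format and the exit codes are assumptions to adapt; the subject patterns and the store are the ones given in the answer.

```powershell
# Added example: detection only, nothing is removed or changed in the store.
# Subject patterns and store come from the answer above.
$SubjectPatterns = '*eDellRoot*', '*DSDTestProvider*'
$StorePaths      = @('Cert:\LocalMachine\Root')
# Assumed output location; point this at whatever file your inventory rule reads.
$OutFile = Join-Path $env:ProgramData 'CertCheck\dell-root-check.txt'

function Find-FlaggedCertificate {
    param([string[]]$StorePath, [string[]]$Pattern)
    foreach ($store in $StorePath) {
        if (-not (Test-Path -Path $store)) { continue }   # skip a store that does not exist
        foreach ($cert in Get-ChildItem -Path $store) {
            foreach ($p in $Pattern) {
                if ($cert.Subject -like $p) {
                    # One line per match: host;store;subject;thumbprint;private key present
                    '{0};{1};{2};{3};{4}' -f $env:COMPUTERNAME, $store,
                        $cert.Subject, $cert.Thumbprint, $cert.HasPrivateKey
                    break   # report each certificate once even if two patterns match
                }
            }
        }
    }
}

$found = @(Find-FlaggedCertificate -StorePath $StorePaths -Pattern $SubjectPatterns)

# Make sure the output folder exists before writing.
$dir = Split-Path -Path $OutFile -Parent
if (-not (Test-Path -Path $dir)) {
    New-Item -ItemType Directory -Path $dir -Force | Out-Null
}

if ($found.Count -gt 0) {
    $found | Out-File -FilePath $OutFile -Encoding ascii
    Write-Host "Found Certificate"
    exit 1   # assumed convention: non-zero means the certificate is present
}

# Write an explicit negative result so "checked and clean" differs from "never ran".
"$env:COMPUTERNAME;NotFound" | Out-File -FilePath $OutFile -Encoding ascii
exit 0
```

Because a clean machine still gets a file, a report built on it can separate hosts that were checked from hosts where the script has not run yet.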

Answers

0
http://www.itninja.com/question/edellroot-certificate-uninstall-using-k1000

In my post there is a bit of code you can adapt for your needs, or it might help at least. You will need to use certutil.exe, unless your machines have the cmdlets to mess around with certs.

I would try and detect/query it via serial number if it allows, failing that get the output of the cert store to a variable, then search the variable for the cert serial number.

My use case was drivers and Windows 7, hence certutil.
Answered 11/25/2015 by: rileyz
Red Belt

0
I ended up using a combination of discovered software, processes, and startup programs detected by Kace to look for the Dell System Detect Software. Fortunately, of the 25 machines that had the probability of having that software (out of 991 total devices), so far we have not found one that has. I targeted those 25 machines for the removal script and told users to expect a pop-up. We spot-checked 5 of the computers before pushing the script and they didn't have the cert anyway, so we're just doing it as a precaution. This was the quickest remediation plan I was able to come up with. 

Answered 11/25/2015 by: ashlea
Blue Belt

0
https://dellupdater.dell.com/Downloads/APP009/eDellRootCertificateRemovalInstructions.pdf

Edited to add:  there is apparently a new removal tool according to this article: https://dellupdater.dell.com/Downloads/APP009/DellCertFix.exe

I think I'd just use an online kscript.  I don't have the cert to test with, but I think this should work using the executable from the above link:

gb5Jm8.png
Answered 11/26/2015 by: jknox
Red Belt

  • As my original post states, I already have a script that removes the certificate. I am using Dell's removal tool in a kscript. I'm talking about detecting whether their cert is installed via a custom inventory rule. I want to be able to say with 100% certainty that the cert is not on any of our devices. If I had the bad cert, I could import it into untrusted certificates in our group policy and call it good... But I don't.

    Verifying "Dell Foundation Services" didn't seem like a good option as the removal instructions seem to indicate that it's needed for other software, considering they only have you stop and then restart the service, rather than removing it.