functions/certificates/Add-CertificateReadPermission.ps1
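function Add-CertificateReadPermission {
    <#
    .SYNOPSIS
    Grants an account read access to the on-disk private key of a machine certificate.

    .DESCRIPTION
    Finds the certificate in Cert:\LocalMachine\My by thumbprint, resolves the unique
    container name of its private key, locates the key file under the machine key
    directories and appends a Read/Allow access rule for the account. The rule is
    written only when a real key file was found: an unresolvable container name
    aborts the call instead of degrading into an ACL change on the key directory.

    .PARAMETER Thumbprint
    Thumbprint of the certificate. Whitespace is stripped before matching, so a
    value copied from the certificate MMC with embedded spaces is accepted.

    .PARAMETER AccountName
    Account to grant read access to, for example 'NT AUTHORITY\NETWORK SERVICE'.

    .OUTPUTS
    [bool] $true when the access rule was written, $false otherwise; the reason is
    reported through Write-Error.
    #>
    [CmdletBinding()]
    [OutputType([bool])]
    param (
        [Parameter(Mandatory = $true)]
        [string]$Thumbprint,

        [Parameter(Mandatory = $true)]
        [string]$AccountName
    )

    # Returns the key container's unique file name for either key storage API, or $null.
    function Get-KeyUniqueName {
        param ([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)

        $key = $Certificate.PrivateKey
        if (-not $key) {
            # X509Certificate2.PrivateKey may be $null for CNG-backed keys on
            # .NET Framework; the extension method resolves those as well.
            $key = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Certificate)
        }
        if (-not $key) { return $null }

        # CAPI (RSACryptoServiceProvider) exposes the container name through
        # CspKeyContainerInfo; CNG (RSACng) through the underlying CngKey.
        if ($key.PSObject.Properties['CspKeyContainerInfo'] -and $key.CspKeyContainerInfo) {
            return $key.CspKeyContainerInfo.UniqueKeyContainerName
        }
        if ($key.PSObject.Properties['Key'] -and $key.Key) {
            return $key.Key.UniqueName
        }
        return $null
    }

    $normalizedThumbprint = $Thumbprint -replace '\s', ''
    $cert = Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $normalizedThumbprint } |
        Select-Object -First 1
    if (-not $cert) {
        Write-Error "Certificate not found"
        return $false
    }

    try {
        $uniqueName = Get-KeyUniqueName -Certificate $cert
    } catch {
        Write-Error 'Private key not found!'
        return $false
    }
    # An empty name must stop here. Without Set-StrictMode, a $null member chain
    # yields $null rather than throwing; appended to the directory path that made
    # $keyFilePath the MachineKeys folder itself, which Test-Path accepts, so the
    # access rule would have been granted on the whole key directory.
    if ([string]::IsNullOrWhiteSpace($uniqueName)) {
        Write-Error 'Private key not found!'
        return $false
    }

    # CAPI key files live under RSA\MachineKeys, CNG key files under Keys.
    $keyDirectories = @(
        (Join-Path -Path $env:ALLUSERSPROFILE -ChildPath 'Microsoft\Crypto\RSA\MachineKeys'),
        (Join-Path -Path $env:ALLUSERSPROFILE -ChildPath 'Microsoft\Crypto\Keys')
    )
    # -PathType Leaf guarantees the ACL is only ever applied to a file.
    $keyFilePath = $keyDirectories |
        ForEach-Object { Join-Path -Path $_ -ChildPath $uniqueName } |
        Where-Object { Test-Path -Path $_ -PathType Leaf } |
        Select-Object -First 1
    if (-not $keyFilePath) {
        Write-Error 'Private key file not found!'
        return $false
    }

    try {
        # -ErrorAction Stop turns non-terminating cmdlet errors into exceptions so
        # the catch below reports them instead of continuing with a $null ACL.
        $acl = Get-Acl -Path $keyFilePath -ErrorAction Stop
        $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList @(
            $AccountName,
            [System.Security.AccessControl.FileSystemRights]::Read,
            [System.Security.AccessControl.AccessControlType]::Allow
        )
        $acl.AddAccessRule($rule)
        Set-Acl -Path $keyFilePath -AclObject $acl -ErrorAction Stop
        return $true
    } catch {
        Write-Error "Unable to add read permission! $_"
        return $false
    }
}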