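function Set-CertPermissions {
    <#
    .SYNOPSIS
        Assigns Certificate Permissions for a user.

    .DESCRIPTION
        Looks up a certificate in Cert:\LocalMachine\My by thumbprint, resolves the
        file that backs its RSA private key, and adds an Allow/FullControl access
        rule for the given account to that file's ACL.

        If the certificate or its key file cannot be resolved, an error is written
        and the function returns without reading or writing any ACL.

    .PARAMETER certThumprint
        Thumbprint of the certificate in the LocalMachine\My store. The spelling of
        the parameter name is kept as-is so existing callers keep working.

    .PARAMETER user
        Account that receives the access rule on the private-key file.
    #>
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$true)]
        [string]$certThumprint,

        [Parameter(Mandatory=$true)]
        [string]$user
    )

    $logLead = Get-LogLeadName

    # The thumbprint is interpolated into a provider path, and Get-ChildItem's
    # -Path honours wildcard characters, so the lookup can return zero or several
    # certificates. Only proceed when it resolves to exactly one, so the ACL
    # change cannot land on a key the caller did not name.
    $certObj = Get-ChildItem "Cert:\LocalMachine\my\$certThumprint"
    $matchCount = @($certObj).Count
    if ($matchCount -ne 1) {
        Write-Error "$logLead : Expected exactly one certificate for $certThumprint in Cert:\LocalMachine\My, found $matchCount."
        return
    }

    $rsaCert = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($certObj)

    # Only key objects exposing .Key.UniqueName are handled here; anything else
    # (no private key, or a key type without that property) is reported and skipped.
    if (-not ($rsaCert.key -and $rsaCert.key.UniqueName)) {
        Write-Error "$logLead : Unable to determine Unique Key Name for $certThumprint"
        return
    }

    $fileName = $rsaCert.key.UniqueName
    $directoryRsaMachineKeys = Join-Path "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\" $fileName
    $directoryCryptoKeys = Join-Path "C:\ProgramData\Microsoft\Crypto\Keys\" $fileName

    # The key file lives in one of two machine key stores; check both, in the
    # same order as before.
    if (Test-Path $directoryRsaMachineKeys) {
        $path = $directoryRsaMachineKeys
    } elseif (Test-Path $directoryCryptoKeys) {
        $path = $directoryCryptoKeys
    } else {
        # Fixed: the message previously referenced a misspelled (undefined)
        # variable, so the thumbprint was missing from the error text.
        Write-Error "$logLead : Did not find an associated ACL File for $certThumprint."
        # Write-Error is non-terminating by default; stop here so Get-Acl/Set-Acl
        # are never invoked with an empty path.
        return
    }

    # NOTE(review): FullControl on a private-key file also lets the account rewrite
    # the file's ACL and delete the key material. Read access is normally enough
    # for an account that only needs to use the key; confirm whether any caller
    # depends on FullControl before narrowing it.
    $permissions = Get-Acl -Path $path
    $rule = New-Object Security.AccessControl.FileSystemAccessRule $user, "FullControl", "Allow"
    $permissions.AddAccessRule($rule)
    Set-Acl -Path $path -AclObject $permissions
}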