Hi all, Is there any way to remove all the certificates issued and installed in the local store of a great number of computers? We have duplicated the computer certificate that we are using for autoenrol by GPO to all the domain computers but in the proccess by error we let the check of auto enroll enabled and now the problem is that we have two certificates for the same in all the computers. It would not be a great problem but seems that it's affecting the IAS service for example. If one machine has two certificates for computer authentication because the certifcates dont have the same template name, which of then is going to be used to authenticate the machine, the last one installed with most recent creation date? thanks in advance

Hi, Based on my research, the machine will randomly choose an available certificate for authentication if there are multiple valid certificates in the computer store. To remove certificate, you can use the certutil -delstore command. This posting is provided "AS IS" with no warranties, and confers no rights.

Thanks a lot for the answer Joson Zhou, and apologies for my late answer. We have created vbs script that using certutil command look for the name of the template and deleted it from the local store of the computer. For an automatic proccess we are launching the script during users logon. Thanks again for your answer.

Chucky any chance you could post up your vbs? I couldnt work out how to look for the name of the template.