To launch this PowerShell script on a client, PowerShell script execution must be allowed.

The easiest way to accomplish this is:
  • Launch 'cmd' as Administrator ("Run As Administrator")
  • Type in 'powershell' and confirm with ENTER
  • Type in Set-ExecutionPolicy RemoteSigned and confirm with ENTER
  • Navigate to the path where you have stored this PowerShell script
  • Launch the script with debug-certbasedwlan

Function explanations:

The following lines describe all functions in the script and indicate where customization is required.

  • Receives a string and returns it so that it is displayed right-aligned on the screen.

  • Receives a string and, optionally, the number of tabulators to use for shifting.
  • Returns the string so that it fits the screen width, taking the shifting into account.

  • To connect to wireless networks, the Windows service 'Wired Auto Config' must run.
  • The function tests whether the service is running; if it is not, it tries to start the service.
  • In addition, the service 'Wired Auto Config' is checked and, if it is not running, the function tries to start it.
  • This service is used to determine the LAN NIC adapter details. (This is not essential, but more accurate than checking by WMI.)
  • The function returns the service state for both mentioned services plus additional information.

  • Uses netsh to get information about the WLAN profile.
  • Because netsh output differs between operating system languages, these tests are not 100% reliable and only work in English environments.
  • Not all required WLAN settings can be checked with netsh, just some.
  • The function returns true or false for the SSID, Authmode, Cipher setting and EAP mode.
  • A string for each of the four items is also returned to show which test failed.
  • > You need to change the profile name and the SSID that need to be checked.

  • Uses netsh to get information about the Network Interface Card (NIC).
  • It receives the NIC type that needs to be checked (either WLAN or LAN) and, optionally, whether the MAC address and GUID shall be returned.
  • It returns the status of the NIC, for example whether it is disabled or the LAN cable is not attached.
  • Optionally, it returns the MAC address and the GUID for further usage.

  • Uses WMI to get ipconfig-like information.
  • It receives the MAC address, the GUID, the NIC type, the WMI computer name and the WMI namespace.
  • It returns the IP address, IP subnet, DNS server, DNS domain, gateway and the MAC address.
  • More information about the WMI information which can be gathered:

  • In case the LAN service 'dot3svc' cannot be started to determine the LAN adapter details via netsh, WMI is used to get the information by filtering for physical adapters which are PCI based and do not have the same GUID as the WLAN NIC.
  • It receives the GUID, the searchType ('LAN' or 'WLAN' adapter), the computer name that needs to be checked and the WMI namespace.
  • It returns the LAN NIC adapter state (true / false). If the state is not okay, it returns additional information about the reason.
  • More information:

  • Checks whether the time on the local computer is accurate enough to perform domain authentication.
  • This is done by checking the NTP answer from w32tm against the local clock and the time service of the logon server.
  • If the deviation is less than 2 minutes, authentication should work fine.
  • It receives the name of the client computer whose time should be compared with that of the logon server.
  • It returns true or false depending on whether the time is okay, plus additional information.
  • More information:

  • Checks whether the certificate of the Issuing Certificate Authority and the certificate of the Root Certification Authority are available in the respective local certificate stores.
  • It receives the client certificate thumbprint.
  • It returns the check result (true or false) for every certificate of the chain plus an additional message.
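
One way to perform the chain presence check described above, as an added example that is not taken from the debug-certbasedwlan script. The function name, the store paths and the two-tier PKI layout (root CA, then issuing CA) are assumptions; the check matches subject and issuer names only and does not validate signatures or revocation.

```powershell
# Added example: hypothetical function, not part of debug-certbasedwlan.
function Test-ClientCertChainInStore {
    param(
        [Parameter(Mandatory = $true)][string]$Thumbprint,
        # Assumed store locations; adjust if the client certificate lives in the user store.
        [string]$ClientStore  = 'Cert:\LocalMachine\My',
        [string]$IssuingStore = 'Cert:\LocalMachine\CA',
        [string]$RootStore    = 'Cert:\LocalMachine\Root'
    )

    # Normalise thumbprints pasted from the certificate dialog (spaces, hidden characters, case).
    $tp = ($Thumbprint -replace '[^0-9a-fA-F]', '').ToUpper()

    $result = New-Object PSObject -Property @{
        ClientFound = $false; IssuingCaFound = $false; RootCaFound = $false; Message = ''
    }

    $client = Get-ChildItem $ClientStore | Where-Object { $_.Thumbprint -eq $tp } | Select-Object -First 1
    if (-not $client) {
        $result.Message = "Client certificate $tp not found in $ClientStore"
        return $result
    }
    $result.ClientFound = $true

    # Issuing CA: a certificate whose subject equals the client certificate's issuer.
    $issuing = Get-ChildItem $IssuingStore | Where-Object { $_.Subject -eq $client.Issuer } | Select-Object -First 1
    if (-not $issuing) {
        $result.Message = "Issuing CA '$($client.Issuer)' not found in $IssuingStore"
        return $result
    }
    $result.IssuingCaFound = $true

    # Root CA: self-signed certificate whose subject equals the issuing CA's issuer.
    $root = Get-ChildItem $RootStore |
        Where-Object { $_.Subject -eq $issuing.Issuer -and $_.Subject -eq $_.Issuer } |
        Select-Object -First 1
    if (-not $root) {
        $result.Message = "Root CA '$($issuing.Issuer)' not found in $RootStore"
        return $result
    }
    $result.RootCaFound = $true
    $result.Message = 'Client, issuing CA and root CA certificates are present'
    return $result
}

# Usage with a placeholder thumbprint:
# Test-ClientCertChainInStore -Thumbprint '<client certificate thumbprint>'
```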

  • Checks whether the certificate has a web-based Certificate Revocation List (CRL), tests whether the CRL server is internal and reachable, downloads the CRL, parses it with 'certutil', and checks whether the serial number of the client certificate is included in the parsed file to see if it has been revoked.
  • It receives the CDP server information and the client certificate revocation list.
  • It returns the information whether the domain-internal revocation server can be reached and whether the certificate has been revoked.
  • More information:

Last edited Jul 13, 2014 at 10:08 AM by Juanito99, version 14