В наборе Windows Server 2003 Resource Kit Tools , есть утилита tsctst.exe — Terminal Server Client License Dump , для просмотра клиентских лицензий сервера терминалов. Основное ограничение на системах x64, что tsctst.exe – читает раздел реестра — HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\MSLicensing\Store , где отсутствует данная информация.
Если хочется воспользоваться данной утилитой, то можно скопировать/импортировать данные из HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\MSLicensing\Store и перенести в раздел : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSLicensing\Store и утилита вновь будет работать.
Нас будет интересовать ключ реестра LicenseXXX\ClientLicense(REG_BINARY), где содержится информация о сертификатах.
Для получения данных о сертификате , воспользуемся(для примера, приведу два способа):
1) System.Security.Cryptography.Pkcs.SignedCms
Add-Type -AssemblyName System.Security $license = Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\MSLicensing\Store\LICENSE000" -Name "ClientLicense" $cms = New-Object System.Security.Cryptography.Pkcs.SignedCms $cms.Decode($license.ClientLicense) $cms.Certificates PS > $cms.Certificates Thumbprint Subject ---------- ------- 785F491C579B6421FE155EFB6E6482F1E44FC266 L=CON + CN=SBTR B50C54A586ADC8FA249639B7A06E3CE4B2C24070 L=SYSTEM + CN=CL-01 + SERIALNUMBER="1BcKee1dW/BhjacbI9tTm0hPCQ
2) System.Security.Cryptography.X509Certificates.X509Certificate2Collection
$certs = [System.Security.Cryptography.X509Certificates.X509Certificate2Collection]::new() $certs.Import($license.ClientLicense) $certs PS > $cms.Certificates Thumbprint Subject ---------- ------- 785F491C579B6421FE155EFB6E6482F1E44FC266 L=CON + CN=SBTR B50C54A586ADC8FA249639B7A06E3CE4B2C24070 L=SYSTEM + CN=CL-01 + SERIALNUMBER="1BcKee1dW/BhjacbI9tTm0hPCQ
Можно сохранить данные в файл и посмотреть, через оснастку — certmgr.msc:
$license.ClientLicense | Set-Content certs.p7b -Encoding Byte
Утилита tsctst.exe читает следующие OID:
Microsoft Hydra……………………………1.3.6.1.4.1.311.18
License Info root
szOID_PKIX_LICENSE_INFO 1.3.6.1.4.1.311.18.1
Manufacturer value
szOID_PKIX_MANUFACTURER 1.3.6.1.4.1.311.18.2
Manufacturer Specfic Data
szOID_PKIX_MANUFACTURER_MS_SPECIFIC 1.3.6.1.4.1.311.18.3
OID for Certificate Version Stamp
szOID_PKIX_HYDRA_CERT_VERSION 1.3.6.1.4.1.311.18.4
OID for License Server to identify licensed product.
szOID_PKIX_LICENSED_PRODUCT_INFO 1.3.6.1.4.1.311.18.5
OID for License Server specific info.
szOID_PKIX_MS_LICENSE_SERVER_INFO 1.3.6.1.4.1.311.18.6
Extension OID reserved for product policy module — only one is allowed.
szOID_PKIS_PRODUCT_SPECIFIC_OID 1.3.6.1.4.1.311.18.7
szOID_PKIS_TLSERVER_SPK_OID 1.3.6.1.4.1.311.18.8
Вывод утилиты:
PS > tsctst.exe /A
*** License # 1 ***
TS Certificate Version — 0x00050001
Licensed Product
HWID — 0x00000002, 0x7d4eb2c0, 0x37ffa910, 0x75eb542b, 0x87707af6
Client Platform ID — 0x000000ff
Company Name — Microsoft Corporation
Issuer — SBTR
Scope — COM
Issued to machine — CL-01
Issued to user — SYSTEM
TS Locale ID — 0x00000419
License ID — A02-5.02-S
Licensed Product Version 0005.0002, Flag 0x80d48000
Temporary RTM
Valid from — 1d30f66 8ff2a100 Mon Aug 07 13:18:50 2017
Expires on — 1d3561f 79202100 Sun Nov 05 13:18:50 2017
Поля:
Issuer,Scope,Issued to machine,Issued to user - Subject,Issuer
TS Certificate Version — 1.3.6.1.4.1.311.18.4(szOID_PKIX_HYDRA_CERT_VERSION)
Licensed Product — 1.3.6.1.4.1.311.18.2(szOID_PKIX_MANUFACTURER),
1.3.6.1.4.1.311.18.6 (szOID_PKIX_MS_LICENSE_SERVER_INFO)
TS Locale ID - 1.3.6.1.4.1.311.18.5( szOID_PKIX_LICENSED_PRODUCT_INFO)
License ID — 1.3.6.1.4.1.311.18.5( szOID_PKIX_LICENSED_PRODUCT_INFO)
Licensed Product Version — 1.3.6.1.4.1.311.18.5( szOID_PKIX_LICENSED_PRODUCT_INFO)
Valid from – NotBefore
Expires on – NotAfter
Function Get-TSCtst { Param( $Path = "HKLM:\SOFTWARE\Microsoft\MSLicensing\Store" ) $Certs = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection $License = Get-ChildItem $Path | Get-ItemProperty -Name ClientLicense $LicenseType = @{ "A02-5.00-EX" = 'Windows 2000 TS CAL from the "Built-in" pool.' "A02-5.00-S" = "Windows 2000 TS temporary or permanent CAL." "A02-5.02-S" = "Windows server 2003 TS temporary or permanent CAL." "A02-6.00-S" = "Windows server 2008 TS/2008 R2 RDS temporary or permanent CAL." } if(-not $License) { "Can't decode license" break } foreach($l in $License) { $Certs.Import($l.ClientLicense) } $Certs = $Certs.Where{$_.Subject -match "SERIALNUMBER"} $Number = 1 foreach($Cert in $Certs) { #Info [byte[]]$info = $Cert.Extensions | Where{$_.Oid.Value -eq '1.3.6.1.4.1.311.18.5'} | Foreach {$_.RawData} #TSVer [byte[]]$btsver = $Cert.Extensions | Where{$_.Oid.Value -eq '1.3.6.1.4.1.311.18.4'} | Foreach {$_.RawData} [Array]::Reverse($btsver) $TSVer = "0x$([BitConverter]::ToString($btsver).replace('-',''))" #Compnay $bcompany = $Cert.Extensions | Where {$_.Oid.Value -eq '1.3.6.1.4.1.311.18.2'} | Foreach {$_.RawData} $Company = [Text.Encoding]::Unicode.GetString($bcompany) #Product $CId = "0x$([BitConverter]::ToString($info[5..8]).Replace('-','').ToLower())" #Issuer,Scope $Scope,$Issuer = $Cert.Issuer -split "\s\+\s" | Foreach {$_.split("=")[1]} #User,Machine Issuer $UIssuer,$MIssuer = $Cert.Subject -split "\s\+\s" -match "^(L|CN)" | Foreach {$_.split("=")[1]} #Locale $bid = $info[12..13] [Array]::Reverse($bid) $TSId = "0x$([BitConverter]::ToString($bid).Replace('-','').PadLeft(8,'0'))" #License [string]$LicStr = [Text.Encoding]::Unicode.GetString($info) -split "\0" -match "A02-" #License Type $LicType = $LicenseType[$LicStr] #Licensed Product Version $LPV = "{0}.{1}, Flag 0x{2}" -f [BitConverter]::ToString($info,58,1).PadLeft(4,'0'), [BitConverter]::ToString($info,60,1).PadLeft(4,'0').ToLower(), [BitConverter]::ToString($info,63,4).Replace('-','').ToLower() #HWID $RegHWID = "HKLM:\SOFTWARE\Microsoft\MSLicensing\HardwareID" $ClientHWID = (Get-ItemProperty $RegHWID).ClientHWID $HexClientHWID = for($i=0;$i -le $ClientHWID.Count -1 ; $i+=4) { $temp = $ClientHWID[$i..($i+3)] [Array]::Reverse($temp) "0x$([BitConverter]::ToString($temp).Replace('-','').ToLower())" } $HexClientHWID = $HexClientHWID -join ', ' [PSCustomObject]@{ "ID" = $Number "TS Certificate Version" = $TSVer "HWID" = $HexClientHWID "Client Platform ID" = $CId "Company Name" = $Company "Issuer" = $Issuer "Scope" = $Scope "Issued to machine" = $MIssuer "Issued to user" = $UIssuer "TS Locale ID" = $TSId "License ID" = $LicStr "License Type" = $LicType "Licensed Product Version" = $LPV "Valid from" = $Cert.NotBefore "Expires on" = $Cert.NotAfter } $Number++ } } ID : 1 TS Certificate Version : 0x00050001 HWID : 0x00000002, 0x7d4eb2c0, 0x37ffa910, 0x75eb542b, 0x87707af6 Client Platform ID : 0x000000ff Company Name : Microsoft Corporation Issuer : SBTR Scope : CON Issued to machine : CL-01 Issued to user : SYSTEM TS Locale ID : 0x00000419 License ID : A02-5.02-S License Type : Windows server 2003 TS temporary or permanent CAL. Licensed Product Version : 0005.0002, Flag 0x80d48000 Valid from : 8/7/2017 1:18:50 PM Expires on : 11/5/2017 1:18:50 PM
PS. Скрипт Get-TSCtst.ps1 .