0

I'm trying to compare two variables, which store a SHA1 hash. One of the variables is from a WMIC command and the other is from a get-childitem command.

The WMIC command in question: (Get-WmiObject -Namespace "root\CIMV2\TerminalServices" -Class Win32_TSGeneralSetting | select SSLCertificateSHA1Hash | Select -first 1).SSLCertificateSHA1Hash

The get-childitem command:

(Get-ChildItem Cert:\LocalMachine\My -Recurse | `
Where-Object {$_.NotAfter -gt ([datetime]::now).AddDays(36)} | WHERE {$_.Subject -match $HOSTNAME } | Select -first 1).Thumbprint

For some reason the comparison fails, even though both variables contain the same SHA1 hash. I have no idea what I'm doing wrong.

PS C:\scripts> $THUMBPRINT
381E44961164E60E789FBA00A30A848A8E6DEE9A

PS C:\scripts> $CURRENT_RDP_THUMBPRINT
381E44961164E60E789FBA00A30A848A8E6DEE9A

PS C:\scripts> $CURRENT_RDP_THUMBPRINT -eq $THUMBPRINT
False

When using the -like option, I get the same false result. Thinking it might have been an issue with the variable types, they appear to both be of the same type:

PS C:\scripts> $CURRENT_RDP_THUMBPRINT.GetType()

IsPublic IsSerial Name                                     BaseType
-------- -------- ----                                     --------
True     True     String                                   System.Object


PS C:\scripts> $THUMBPRINT.GetType()

IsPublic IsSerial Name                                     BaseType
-------- -------- ----                                     --------
True     True     String                                   System.Object
mklement0
  • 382,024
  • 64
  • 607
  • 775
gijs007
  • 233
  • 1
  • 7
  • 19
  • 1
    Does `($THUMBPRINT -replace '\W') -eq ($CURRENT_RDP_THUMBPRINT -replace '\W')` return `$true`? – mklement0 May 10 '23 at 21:34
  • As an aside: The CIM cmdlets (e.g., `Get-CimInstance`) superseded the WMI cmdlets (e.g., `Get-WmiObject`) in PowerShell v3 (released in September 2012). Therefore, the WMI cmdlets should be avoided, not least because PowerShell (Core) v6+, where all future effort will go, doesn't even _have_ them anymore. Note that WMI still _underlies_ the CIM cmdlets, however. For more information, see [this answer](https://stackoverflow.com/a/54508009/45375). – mklement0 May 10 '23 at 21:59
  • (Cont'd from the aside): Using `Get-CimInstance` and simplifying your command: `(Get-CimInstance -Namespace root\CIMV2\TerminalServices -Class Win32_TSGeneralSetting | Select -First 1).SSLCertificateSHA1Hash` – mklement0 May 10 '23 at 22:00
  • Another aside: Note that if you end a line with `|`, you don't also need an explicit line continuation (`\``) - PowerShell then knows that the statement is incomplete, and keeps looking for the end of the statement on the next line. – mklement0 May 10 '23 at 22:07

0 Answers0