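# Takes the ConfigMgr client out of provisioning mode and restarts it. When the
# site runs HTTPS (PKI), certificate autoenrollment is triggered first so the
# client has a chance to obtain its certificate before the service restarts.
# The script writes under HKLM and restarts a service, so it must run elevated.

# REG variables for Certificate AutoEnrollment
$RegKey_AEPolicy = "HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\AutoEnrollment"
$RegName_AEPolicy = "AEPolicy"
$RegType_AEPolicy = "DWORD"
# NOTE(review): $RegValue_AEPolicy is consumed below but is not assigned in the
# visible part of this script. It has to be set by the caller or earlier in the
# file; the guard further down refuses to write the policy when it is missing.

# REG variables for HTTPS (PKI) check
$RegKey_CAIssuer = "HKLM:\SOFTWARE\Microsoft\CCM\Security"
$RegName_CAIssuer = "Certificate Issuers"

# Disable Provisioning Mode
Invoke-WmiMethod -Namespace root\CCM -Class SMS_Client -Name SetClientProvisioningMode -ArgumentList $false

# Checks the existence of a certificate issuer value in registry to determine if
# the ConfigMgr environment is running HTTPS (PKI). A missing key or value is the
# expected state for an HTTP-only site, so it is read quietly and treated as
# "not PKI" instead of surfacing an error.
$CheckCAIssuer = Get-ItemProperty -Path $RegKey_CAIssuer -Name $RegName_CAIssuer -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty $RegName_CAIssuer -ErrorAction SilentlyContinue

if ($CheckCAIssuer -like "CN=*") {
    if (-not (Test-Path $RegKey_AEPolicy)) {
        # The ConfigMgr environment is running HTTPS (PKI) and no autoenrollment
        # policy key exists yet: create the registry key and the AEPolicy value.
        if ($null -eq $RegValue_AEPolicy) {
            # Writing an empty value here would silently set an unintended
            # autoenrollment policy, so skip the write and say why.
            Write-Warning "RegValue_AEPolicy is not defined; the AutoEnrollment policy was not written."
        }
        else {
            # NOTE(review): this is under the Policies hive, which Group Policy
            # normally owns; a domain GPO may overwrite it on the next refresh.
            New-Item -Path $RegKey_AEPolicy -Force | Out-Null
            New-ItemProperty -Path $RegKey_AEPolicy -Name $RegName_AEPolicy -PropertyType $RegType_AEPolicy -Value $RegValue_AEPolicy -Force | Out-Null
        }
    }

    # The ConfigMgr environment is running HTTPS (PKI): pulse autoenrollment and
    # give it a minute. The wait is a fixed delay only; nothing here verifies
    # that a client certificate was actually issued.
    certutil -pulse
    Start-Sleep -Seconds 60
}

# In every case (PKI or not): restart the CCMEXEC service and wait a few minutes
# for the client to come back up.
Restart-Service -Name ccmexec
Start-Sleep -Seconds 240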