We create files under the MachineKeys folder, these files are created during CEM certificates generation.
A new tool has been developed called "CryptoCleaner.exe". Attached to this article. It will be released as part of our product with ITMS 8.6 RU1 release.
This utility enumerates key files in the MachineKeys folder and collects statistics for potential duplicates that can be safely removed. It can be used in SMP 8.5 and later.
- Start it with /? cmd for usage details.
- Read known certificates from NS
- Build public key map
- Read key information from MachineKeys
- Detect what key files belong to our certificates
- The tool can collect stats
- Backup keys that are counted as "trash" in the backup folder (archived in zips)
- Perform cleanup (with or without backup).
- Started with from command line without any parameters specified, tool examines local system and collects trash machine keys statistics
- Started with /? parameter tool shows possible usage scenario information with corresponding command line description.
- Backup: -backup –bkppath params. Tool will detect all files that will be deleted and backup them to specified folder compressed in zips. By default, it will place 10000 files in each zip file, this number can be specified from cmd. Nothing will be deleted in this mode.
- Clean: -clean. Tool will detect all files that will be deleted and backup them to specified folder. Then files will be deleted form MachineKeys folder. Backup can be disabled from cmd. It is recommended first to perform backup, and then execute clean operation, suppressing backup option (-nb).
- Restore: -r –bkppath. Tool will perform restore form backup folder by extracting zips content in MachineKeys folder.
- Tool asks user to confirm execution of selected operation. It can be suppressed by –q switch (useful if you want to route output to file).
Note: It is recommend to restart "Altiris Services" service after tool execution with -clean cmd.
You can output the results from the command prompt to a text file:
CryptoCleaner.exe > c:\results.txt