The PowerShell Podcast PowerShell Tools for PKI and Secure Boot with Richard Hicks
Listen to this Episode
Audio available
Long-time Microsoft MVP and consultant Richard Hicks joins The PowerShell Podcast to talk about ADCS security, PKI misconfigurations, and why PowerShell is a consultant’s ultimate force multiplier. Richard shares real-world stories from auditing enterprise certificate environments, explains how simple template mistakes can lead to full domain compromise, and walks through tools like Locksmith that help administrators quickly identify dangerous configurations.
The conversation also explores Richard’s open-source PowerShell work, including his widely downloaded Get-UEFICertificate script for Secure Boot certificate expiration issues and his new ADPrincipalCertificate module for cleaning up unnecessary certificates published in Active Directory. Along the way, Richard reflects on career growth, publishing, consulting, and why sharing knowledge openly has been one of the biggest drivers of his long-term success.
Key Takeaways:
• ADCS is easy to deploy but difficult to secure — Misconfigured certificate templates, especially ESC1 scenarios, can allow instant privilege escalation and domain compromise.
• PowerShell turns repetitive work into reusable tools — From UEFI certificate auditing to Active Directory cleanup, scripting creates consistency and prevents human error.
• Sharing expertise compounds over time — Blogging, publishing modules, and speaking at conferences builds credibility, community, and long-term career momentum.
Guest Bio:
Richard Hicks is the founder and principal consultant of Richard M. Hicks Consulting, Inc. A Microsoft MVP with over 30 years of experience, he specializes in secure remote access and PKI, helping organizations deliver secure, high-performing access for today’s mobile workforce.
Resource Links:
- Richard Hicks Website – https://richardhicks.com
- Connect with Richard – https://richardhicks.com/connect
- Connect with Andrew: https://andrewpla.tech/links
- Get-UEFICertificate Script – https://www.powershellgallery.com/packages/Get-UEFICertificate
- ADPrincipalCertificate Module – https://www.powershellgallery.com/packages/ADPrincipalCertificate
- Locksmith ADCS Audit Tool – https://github.com/jakehildreth/Locksmith
- PDQ Discord – https://discord.gg/PDQ
- PowerShell Wednesdays – https://www.youtube.com/watch?v=Oa0GYX9_vj8&list=PL1mL90yFExsix-L0havb8SbZXoYRPol0B&pp=sAgC
- The PowerShell Podcast on YouTube: https://youtu.be/4HYCAjQS2W8
About the Author
Andrew Pla
PowerShell MVP, podcast host, and Community Director of PowerShell Summit
I’m a technical educator and community builder. I’m a Microsoft PowerShell MVP, podcast host, speaker, and Community Director of PowerShell Summit. I also work at PDQ alongside sysadmins and IT pros every day.
Community isn’t just what I do. It’s where I get my energy. I genuinely light up when I see someone land a new job, level up a skill, or show up to their first conference. I love sharing that passion with others.
Every week I host a live podcast and stream on YouTube covering PowerShell, automation, and the humans behind the keyboards.
If you’re on your IT journey and need someone in your corner, you’re in the right place. Find more at andrewpla.tech/links.