How to detect whether a particular cert has been installed on a Windows box?
This is possible with a PowerShell one-liner; you just need an easy way to identify that cert (I'm using the cert's Thumbprint).
If you already have a machine that you know definitely has the cert installed (the easiest way to check interactively is by using certmgr.msc), then you can use that machine to find the cert's thumbprint.
The following PowerShell command will list all certs installed in the Trusted Publisher store in the local machine context:
Get-ChildItem -Path Cert:\LocalMachine\TrustedPublisher
Obviously the path above can be modified to list other cert stores, or you can view (a long list of) all locally installed certs using:
Get-ChildItem -Path Cert: -Recurse
The first command should give you an output something like this:
PS C:\> Get-ChildItem -Path Cert:\LocalMachine\TrustedPublisher

    Directory: Microsoft.PowerShell.Security\Certificate::LocalMachine\TrustedPublisher

Thumbprint                                Subject
----------                                -------
83EDC96EC3D55125EFFC77BC815F9133E268D5EB  CN="User, Test", OU=Testing Resources...
4DFF713712084D43DE6879C689F9A143C4A793BF  CN=Server One Self-signed
Once you've found the Thumbprint of the cert that you're looking for, you can use that to filter the results like this:
Get-ChildItem -Path Cert:\LocalMachine\TrustedPublisher | Where-Object {$_.Thumbprint -eq "83EDC96EC3D55125EFFC77BC815F9133E268D5EB"}
That should return the details of the cert if it's installed, and nothing if it's not. Amongst other uses, this PowerShell one-liner can be used as a Custom Script Detection method in an SCCM 2012 Application.
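The same check written out as a detection script (an added example, not part of the original post). It assumes the sample thumbprint and store from the listing above, and relies on Configuration Manager's script detection rule: exit code 0 with output on stdout means installed, exit code 0 with no output means not installed.

```powershell
# Added example: thumbprint-based detection script.
# The thumbprint and store below are the sample values from this page; replace them with your own.
$Thumbprint = '83EDC96EC3D55125EFFC77BC815F9133E268D5EB'
$StorePath  = 'Cert:\LocalMachine\TrustedPublisher'

# A thumbprint copied from the certificate dialog can carry spaces or an
# invisible leading character. Keep only the hex digits so the lookup is exact.
$Wanted = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

# A certificate thumbprint in these stores is a SHA-1 hash: 40 hex characters.
# Fail loudly on a malformed value instead of silently reporting "not installed".
if ($Wanted.Length -ne 40) {
    Write-Error "Thumbprint '$Thumbprint' does not contain exactly 40 hex characters."
    exit 1
}

# In the Cert: drive each certificate is addressable by its thumbprint, so a
# direct Get-Item avoids enumerating and filtering the whole store.
# SilentlyContinue keeps a missing cert from writing to the error stream.
$Cert = Get-Item -Path "$StorePath\$Wanted" -ErrorAction SilentlyContinue

if ($null -eq $Cert) {
    # Not installed: emit nothing on stdout and exit cleanly.
    exit 0
}

# Installed: any stdout output signals "detected". Include the validity window
# so an expired cert is visible when the script is run by hand.
$State = if ((Get-Date) -gt $Cert.NotAfter) { 'EXPIRED' } else { 'valid' }
Write-Output ("Installed: {0} [{1}, NotAfter {2:yyyy-MM-dd}]" -f $Cert.Subject, $State, $Cert.NotAfter)
exit 0
```

Run it from an elevated prompt on a machine known to have the cert and on one known not to, and confirm the first prints a line and the second prints nothing before using it for detection.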
(Resources used: Use PowerShell to Find Certificates that are About to Expire | PowerTip: Use PowerShell to Discover Certificate Thumbprints | Using the Where-Object Cmdlet)