Importing a Certificate to Users' Personal Store

Question

Monday, January 21, 2019 5:54 PM

I located an article where a user wrote a bat and vbs script to silently install a certificate to their clients' machines in the Personal store for each user:

Since Group Policy and Group Policy Preferences didn’t offer a way to import a .PFX certificate into a user’s Personal certificate store, I turned to scripting the solution.

I first placed the vendorcertificate.pfx on a network share (e.g. %LOGONSERVER%\netlogon\certificates\vendorcertificate.pfx).

Next I created a .BAT script named import-certificate.bat which runs this command:

certutil -f -user -p "CertificatePassword" -importpfx "%LOGONSERVER%\netlogon\certificates\vendorcertificate.pfx"

I then created a .VBS script named import-certificate-silently.vbs that will run the import-certificate.bat script silently (so the user does not see a flash of the CMD window when this runs):

Set oShell = CreateObject ("Wscript.Shell") 
Dim strArgs 
strArgs = "cmd /c %LOGONSERVER%\netlogon\certificates\import-certificate.bat" 
oShell.Run strArgs, 0, false

I'm testing this on my local machine before pushing it out to my clients. I'm importing a .cer file so changed the script slightly:

certutil -f -user -importcert "\\server\path\certificate.cer"

This works perfectly; it brings up the certificate installation window and I can direct it to install for the current user and select to install in the Personal store.

However, running the VBS script above (edited path to my file, of course) yields no results. I just get a quick processing circle flash and the certificate doesn't install.

Any advice on what I'm missing or another avenue to push this certificate easily to all client users' Personal stores?

All replies (6)

Monday, January 21, 2019 7:44 PM ✅Answered | 2 votes

I do not have experience with user certificates.   

Do you need to use this format? certutil -addstore -user -f "My" certname.cer

https://itluke.online/2017/09/23/how-to-import-a-certificate-into-the-local-users-store/
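
The same silent per-user import as the `certutil -addstore -user -f "My"` form above, written as a PowerShell logon script; this is an added example, not code from the thread or the linked article. The share path and the optional `$ExpectedThumbprint` are placeholders, and the script assumes the built-in PKI module (`Import-Certificate`) is available.

```powershell
# Added example: import a public certificate (.cer) into CurrentUser\My with no wizard.
# $CerPath and $ExpectedThumbprint are placeholders; substitute your own values.
param(
    [string]$CerPath = '\\server\path\certificate.cer',
    [string]$ExpectedThumbprint = ''   # optional: pin the certificate you intend to deploy
)

$ErrorActionPreference = 'Stop'
$store = 'Cert:\CurrentUser\My'

if (-not (Test-Path -LiteralPath $CerPath)) {
    throw "Certificate file not found: $CerPath"
}

# Load the file only to read its thumbprint and subject; nothing is installed yet.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CerPath)

# If a thumbprint was pinned, refuse a file on the share that does not match it.
if ($ExpectedThumbprint) {
    $pinned = ($ExpectedThumbprint -replace '\s', '').ToUpperInvariant()
    if ($cert.Thumbprint -ne $pinned) {
        throw "Thumbprint mismatch: file has $($cert.Thumbprint), expected $pinned"
    }
}

# Skip the import when this exact certificate is already in the user's Personal store,
# so the script is safe to run at every logon.
$present = Get-ChildItem -Path $store | Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
if ($present) {
    Write-Output "Already present: $($cert.Subject) [$($cert.Thumbprint)]"
    return
}

# Import-Certificate writes directly to the store and displays no dialog.
Import-Certificate -FilePath $CerPath -CertStoreLocation $store | Out-Null

# Verify the result instead of assuming success.
$present = Get-ChildItem -Path $store | Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
if (-not $present) {
    throw "Import reported no error but the certificate is not in $store"
}
Write-Output "Imported: $($cert.Subject) [$($cert.Thumbprint)]"
```

A `.cer` file carries no private key, so this route needs no password stored in a script on the share, unlike the quoted `.pfx` command.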


Monday, January 21, 2019 6:15 PM

I don't see any need for the VB script. Just call the bat file instead of the script. 


Monday, January 21, 2019 6:37 PM

The bat file won't install it silently, it brings up the dialog to install. I'd prefer the certificate just install itself to the User>Personal store without any user interaction.


Monday, January 21, 2019 7:26 PM

If the bat file displays a dialog box that requires user action, then running the VB script to call the bat file will cause the same dialog box to display. The difference is that the script is hiding the dialog. So the user won't see the process, but it's still there.  


Monday, January 21, 2019 7:40 PM

OK, gotcha. Any ideas how the user that wrote that above script got it to work? I'm assuming .pfx files install with dialogue too, but they apparently got it to install properly and with the dialogue hidden.


Monday, January 21, 2019 8:28 PM

That got it! Thank you.