VMware Horizon Community
epa80
Hot Shot
Hot Shot
‎12-18-2017 06:47 PM

Import a Cert via UEM

We have a website that requires a certificate be put in place, that we were trying to see if UEM could accomplish. We are using linked clone/floating pools today, refresh on logoff, no mandatory profiles. Typically we would startup the parent VM, load the certificate manager MMC, and add the cert to the personal store for the machine account, but, we wanted to have the flexibility to change it out on the fly, without having to do a recompose. Is this something UEM can accomplish, or would we be better off pursuing it via group policy?

0 Kudos
4 Replies
ijdemes
Expert
Expert
‎12-18-2017 11:21 PM

Hi epa80​,

I understand your thought, and probably, in theory it's possible using UEM. However, since you are talking about adding a certificate in the certificate store for the local machine (if I understand correctly), a user normally isn't allowed to add a certificate in the store for the local machine, unless the user has those (admin) permissions. UEM runs in the context of the logged on user, therefore it depends on the permissions if the user can add the certificate to the store for the local machine.

I would go for the Computer GPO approach and let that GPO distribute the certificate and place it in the certificate store for the local machine(s).

Does this answer your question?


\\ Ivan
---
Twitter: @ivandemes
Blog: https://www.ivandemes.com
0 Kudos
epa80
Hot Shot
Hot Shot
‎12-19-2017 05:18 AM

Thank for the reply. If I wanted to put it in for "My user account" instead, is that possible then? Basically change from the computer account to the user. If it's still a bit too complex, we can go GPO.

0 Kudos
ijdemes
Expert
Expert
‎12-19-2017 05:31 AM

Sure, you can use the certutil command. Here's an example.

certutil -addstore -user "My" certificatename.cer

You can run the command from UEM, using Logon Tasks.

pastedImage_2.png

Not sure, but maybe you need to specify the full path to certutil.exe. So, C:\Windows\System32\certutil.exe

Additionally, you may choose to run the command only once and let UEM export/import the certificates.


\\ Ivan
---
Twitter: @ivandemes
Blog: https://www.ivandemes.com
ijdemes
Expert
Expert
‎12-21-2017 06:05 AM

Hi epa80​,

Did you manage to test using certutil.exe?


\\ Ivan
---
Twitter: @ivandemes
Blog: https://www.ivandemes.com
0 Kudos