VMware Horizon Community
system32AUT
Enthusiast
Enthusiast

How to inject "root" and "trustedpublisher" Certificate over UEM 9.6 for User with...

....with Condition setting "member of group"  'domain\xyz'

my old way over SCCM:

cmd.exe /c certutil.exe -f -addstore "root" "\\server\folder\cert1a.p7b"

cmd.exe /c certutil.exe -f -addstore "trustedpublisher" "\\server\folder\cert1a.p7b"

We need this for the application "Passwordsafe" for over 150 user on different clients, not every time the same clients because the user is moving.

Thanks!

Tags (1)
2 Replies
DEMdev
VMware Employee
VMware Employee

Hi system32AUT,

Certutil would need to run elevated to add certs to the Root and TrustedPublisher stores, so you would need to configure some argument-based privilege elevation settings for those two certutil.exe command lines. Note that you don't need the "cmd.exe /c" bit – at least, there's nothing in your sample command lines that would require it.

Once you've done that, you can create a batch file that runs the two commands, and use UEM to create a shortcut to that batch file in the startup folder, for instance.

Reply
0 Kudos
ijdemes
Expert
Expert

To add certificates to "Certificates - Current User" you can use the following PowerShell commands. No elevated privileges required.

Import-Certificate -FilePath .\certificate.p7b -CertStoreLocation Cert:\CurrentUser\CA\

Import-Certificate -FilePath .\certificate.p7b -CertStoreLocation Cert:\CurrentUser\TrustedPublisher\


\\ Ivan
---
Twitter: @ivandemes
Blog: https://www.ivandemes.com