I am trying to deploy a user certificate that would reside in the current user certificate store, placed in the Personal folder on our Windows clients. The script works well, but I would like to verify whether the certificate exists first before I install the certificate. When the certificate is installed, it is not placed in the registry, but in the c:\users\[username]\AppData\Microsoft\SystemCertificates\My\Certificates\[filename] location.

I have the script set to run as the logged-in user, but I can't seem to verify whether the file exists before I do a remediation. If I use the following, explicitly giving my username, it works.

Verify a file exists...

If I try using an environment variable like the following, it does not work because it is looking under the system profile.

Verify a file exists...

It seems that even though the script to install the cert is running as the logged-in user and not as the system, the verify portion runs as the system account, as I see this in the logs.

File does not exist: c:\users\C:\WINDOWS\system32\config\systemprofile\AppData\Microsoft\SystemCertificates\My\Certificates

Is this a bug, by design, or is there any way to verify whether the file exists before I do remediation, instead of just installing it all the time? I would like to just leave this to run once a week or even once a day for the selected computers, in case a new computer gets inventoried and meets the smart label criteria, and I can't really explicitly give usernames.
1 Comment


  • I am having the same problem... any update on how to resolve?


There is a bug that the verify portion still runs as system. There was a question a few weeks ago that a DSG Ninja answered about a similar situation.


See the comments.
Answered 01/06/2016 by: SMal.tmcc
Red Belt
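
Added example, not part of the original thread or of the answer above: one way to keep the existence check inside the script that already runs as the logged-in user, instead of relying on a separate verify step. It assumes the certificate ships as a .cer file with a known thumbprint; `$Thumbprint` and `$CertPath` are hypothetical parameter names.

```powershell
# Added example: check and install in one script that runs as the logged-in user.
# $Thumbprint and $CertPath are hypothetical parameter names; a .cer file is assumed.
param(
    [Parameter(Mandatory)] [string] $Thumbprint,
    [Parameter(Mandatory)] [string] $CertPath
)

# If the script was launched as SYSTEM, Cert:\CurrentUser is SYSTEM's own store
# and the check below would be meaningless, so stop with a distinct exit code.
$identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
if ($identity.IsSystem) {
    Write-Output "Running as $($identity.Name); refusing to check the user store."
    exit 2
}

# Thumbprints copied from the certificate dialog often carry spaces; drop them.
$wanted = ($Thumbprint -replace '\s', '').ToUpperInvariant()

# Query the store through the certificate provider rather than testing for a
# file under a profile path, so no username or environment variable is needed.
$existing = Get-ChildItem -Path Cert:\CurrentUser\My |
    Where-Object { $_.Thumbprint -eq $wanted }

if ($existing) {
    Write-Output "Certificate $wanted already present for $($identity.Name)."
    exit 0
}

try {
    $cert = Import-Certificate -FilePath $CertPath `
        -CertStoreLocation Cert:\CurrentUser\My -ErrorAction Stop
} catch {
    Write-Output "Install failed: $($_.Exception.Message)"
    exit 1
}

# Confirm the file really was the certificate that was meant to be deployed.
if ($cert.Thumbprint -ne $wanted) {
    Write-Output "Installed $($cert.Thumbprint), expected $wanted."
    exit 1
}
Write-Output "Installed $wanted for $($identity.Name)."
exit 0
```

Exit code 2 in the output log separates "ran in the wrong context" from a genuine install failure (exit code 1).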
