I am trying to deploy a user certificate that would reside in the current user certificate store that would be placed in the personal folder on our windows clients. The script works well but I would like to verify if the certificate exists first before I install the certificate. When the certificate is installed, it is not placed in registry, but in c:\users\[username]\AppData\Microsoft\SystemCertificates\My\Certificates\[filename] location.


I have the script to run as logged-in user, but I can't seem to verify if the file exists before I do a remediation. If I use the following with explicitly giving my username it works.

Verify a file exists...
Directory:  
File:  

If I try using an environment variable like the following, It does not work because it is looking under the system profile.

Verify a file exists...
Directory:  
File:  

It seems even though the script to install the cert is running as the logged in user and not as the system, the verify portion runs as the system account as I see this in the logs.

File does not exist: c:\users\C:\WINDOWS\system32\config\systemprofile\AppData\Microsoft\SystemCertificates\My\Certificates

Is this bug, by design or any way to verify if the file exists before I do remediation, instead of just installing it all the time? I would like to just leave this run once week or even once a day for the selected computers, if a new computer gets inventoried and meets smart label criteria and I can't really explicitly give usernames. 
1 Comment   [ + ] Show Comment

Comments

  • I am having same problem...any update on how to resolve?
Please log in to comment

Answers

0
there is a bug that the verify portion still runs as system.  there was a question a few weeks ago that a  DSG Ninja answered about a similar situation.

http://www.itninja.com/question/trying-to-remove-see-if-a-specific-file-from-users-desktops

see the comments
Answered 01/06/2016 by: SMal.tmcc
Red Belt

  • I have experienced this same problem ever since upgrading the agents to 6.4, works fine with 6.0 agents. My understanding is this is fixed with agent 7 but have not upgraded yet, but, have a work around. I created a new online kscript set to run and user with this program launch command:

    Directory: SYS
    File: cmd.exe
    x - Wait for completion
    Parameters: /C dir /b "C:\users\%username%\AppData\Roaming\Autodesk\ApplicationPlugins" > c:\Temp\ACADplugins.txt

    Then I created a software custom inventory rule to get and .txt file and report the findings:
    ShellCommandTextReturn(cmd /c type c:\temp\ACADplugins.txt)
Please log in to comment
Answer this question or Comment on this question for clarity