I am planning to:

Remediation>Run a batch file...

using KBOX scripting. Seems like the certutil section is not working. How I can achieve my goal.

msiexec.exe /i $(KACE_DEPENDENCY_DIR)\vpnclient_setup.msi /qn /norestart /log vpn.log
msiexec.exe /i $(KACE_DEPENDENCY_DIR)\ActivClient.msi /qn /norestart PINCHANGETOOLREQ=-1 PINCHANGETOOLREQ=-1 /log ActivClient.log
msiexec.exe /update $(KACE_DEPENDENCY_DIR)\FIXS1110013.msp /qn /norestart /log update.log
msiexec.exe /i $(KACE_DEPENDENCY_DIR)\idondemand_updater_plugin.msi /qn /norestart /log plugin.log
cmd /c certutil -addstore Root  $(KACE_DEPENDENCY_DIR)\RootCA.crt
cmd /c certutil -addstore CA  $(KACE_DEPENDENCY_DIR)\CA.crt
Answer Summary:
3 Comments   [ + ] Show Comments


  • Hmmm..."not working." Could you be a little more vague? There's too much information here to go on.

    As a kick-off, I would recommend *always* including the full path to files you're calling in script. So...

    %SystemRoot%\SYSTEM32\CMD /C %SystemRoot%\SYSTEM32\CERTUTIL -addstore [etc.]
  • I can see a double space between "Root $" :D
  • you also should use a start /wait at the start of each line in the batch file to keep commands in sequence.
Please log in to comment



are these commands working manually by directly putting those on Admin cmd?

Answered 09/05/2013 by: MadForMsi
Blue Belt

  • run a batch using certreq.exe and certutil.exe using certadm.dll and certcli.dll google those
  • Its all good now. Found two issues.
    1) removed the $(KACE_DEPENDENCY_DIR)\, as somehow its not able to find the ref files while I run a Batch file from the script.

    2) As KBOX executes script/batch as system user/Admin user and our pcs has users Home folder (i.e. Documents) on Network share & Admin account don't have Home network folder (H: share), the installation was failing always. So fooled the system my mapping to itself while running the BAT.

    start /wait net use H: \\localhost\c$
    start /wait msiexec.exe /i vpnclient_setup.msi /qn /norestart /log vpn.log
    start /wait msiexec.exe /i ActivClient.msi /qn /norestart PINCHANGETOOLREQ=-1 PINCHANGETOOLREQ=-1 /log ActivClient.log
    start /wait msiexec.exe /update FIXS1110013.msp /qn /norestart /log vpn_update.log
    start /wait msiexec.exe /i idondemand_updater_plugin.msi /qn /norestart /log vpn_plugin.log
    start /wait net use /delete H:
    start /wait certutil -addstore Root RootCA.crt
    start /wait certutil -addstore CA CA.crt

    Now all good. Thanks to all.
Please log in to comment
Answer this question or Comment on this question for clarity