09/24/2009 9776 views
is it possible to run something like certmgr.exe or a bat file that runs it with paramaters to install a .cer from a network share?

example of certinstall.bat
certmgr -add -c "certname".cer -s -r localmachine root

and have the .cer in the same directory?
0 Comments   [ + ] Show comments


Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.

All Answers

How hard would it be to test that?!? :)
Answered 09/25/2009 by: VBScab
Red Belt

not sure what you mean, but I an verify that the cert is installed.

i have a .cer, certmgr.exe and a .bat that installs the cert on a network share
from any command prompt I can run the following:

and install the cert.

How in the new KBOX scripting environment can i run or call the .bat form the network share.
Answered 10/13/2009 by: blambson
Senior Yellow Belt

So it's a question about KBox....it kind of helps to say that at th eoutset, since this is a generic 'Scripting' forum.

Unfortunately, I don't know KBox, preferring to use industry-standard stuff like VBScript or PowerShell.

Any KBoxers out there?
Answered 10/14/2009 by: VBScab
Red Belt

In the scripting area, just launch a program. Attach your bat file as a dependency. So the program to launch would end up looking something like this “$(KACE_DEPENDENCY_DIR)\batchfile.bat”

Haven't verified if I could point the launch a program thing at a UNC, would assume you could though.
Answered 10/15/2009 by: lindsamw
Orange Senior Belt

The KBOX Service runs under the localsystem account. To access the network share it needs rights like any other account. If you want to run a command via another account then you could use the runas batch command and put your batch file as a dependency.

Here's an FAQ that will help with your testing (you will need an active support contract to view it):
Answered 10/16/2009 by: GillySpy
7th Degree Black Belt

Attaching the certificate as a dependency gives you the additional benefit of the certificate being hashed and the hash checked before and after being downloaded to the client. Of course, you may want to do your own validation, in addition.

I'd make sure SSL is turned on so it's secure in transit, as well.

There was another thread here about the issues with distributing certificates.
Answered 10/20/2009 by: jkatkace
Purple Belt

Why don't you just copy the batch file to the pc and execute the command locally? you can specify the path of the certs in the script.
Answered 11/25/2009 by: jg1000c
Orange Belt

you need to map a drive with a username/password, then access it from there.... then disconnect it.
Answered 11/25/2009 by: dtuttle
Purple Belt

I was just reading this thread and had a couple of thoughts...

VBScab: This is a KBOX section of the forum. Our friend blambson posted in an appropriate area and asked a relevant question.

blambson: There a a few approaches that are echoed here, such as using a dependacy or mappin a drive inside the script. Dependency is the least fragile. mapping a drive in the script assumes that the password of the account never changes, granting access to local services for network resources could be dangerous if not cone carefully. Multiple dependencies can help here. Upload your script, certificate, and any other possible files needed like "certmgr" that might not be in the path variable on every machine. Thhen you can kick of the script as if everything is in the same folder (because it is). Hope that helps.
Answered 11/25/2009 by: cblake
Red Belt