I am trying to deploy a user certificate that would reside in the current user certificate store that would be placed in the personal folder on our windows clients. The script works well but I would like to verify if the certificate exists first before I install the certificate. When the certificate is installed, it is not placed in registry, but in c:\users\[username]\AppData\Microsoft\SystemCertificates\My\Certificates\[filename] location.

I have the script to run as logged-in user, but I can't seem to verify if the file exists before I do a remediation. If I use the following with explicitly giving my username it works.

Verify a file exists...

If I try using an environment variable like the following, It does not work because it is looking under the system profile.

Verify a file exists...

It seems even though the script to install the cert is running as the logged in user and not as the system, the verify portion runs as the system account as I see this in the logs.

File does not exist: c:\users\C:\WINDOWS\system32\config\systemprofile\AppData\Microsoft\SystemCertificates\My\Certificates

Is this bug, by design or any way to verify if the file exists before I do remediation, instead of just installing it all the time? I would like to just leave this run once week or even once a day for the selected computers, if a new computer gets inventoried and meets smart label criteria and I can't really explicitly give usernames. 
1 Comment   [ - ] Hide Comment


  • I am having same problem...any update on how to resolve?
Please log in to comment

Answer this question or Comment on this question for clarity


there is a bug that the verify portion still runs as system.  there was a question a few weeks ago that a  DSG Ninja answered about a similar situation.


see the comments
Answered 01/06/2016 by: SMal.tmcc
Red Belt

  • I have experienced this same problem ever since upgrading the agents to 6.4, works fine with 6.0 agents. My understanding is this is fixed with agent 7 but have not upgraded yet, but, have a work around. I created a new online kscript set to run and user with this program launch command:

    Directory: SYS
    File: cmd.exe
    x - Wait for completion
    Parameters: /C dir /b "C:\users\%username%\AppData\Roaming\Autodesk\ApplicationPlugins" > c:\Temp\ACADplugins.txt

    Then I created a software custom inventory rule to get and .txt file and report the findings:
    ShellCommandTextReturn(cmd /c type c:\temp\ACADplugins.txt)
Please log in to comment
Admin Script Editor
Admin Script Editor is an integrated scripting environment available free here at ITNinja