  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 262

Certificates and users moving PCs

We use a Web application that requires users to have a certificate. The problem I have is that each user gets their own certificate, and not one that they all can use. The issue gets even more fun since the users never know what PC they will be sitting at, so I have to go and install their certificate on the PC they are at. Does anyone know of a way, either in a Windows 2003 domain or with a program/utility, that I can have it copy the users' certificates when they log into Windows? I just want them to be able to jump from PC to PC without me having to go and install their certificate every time. The clients are running Windows XP Pro SP2 and IE 6.

HELP!!!
0
Asked by: charles18602
2 Solutions
 
merowinger Commented:
What about certificate auto-enrollment?
0
 
charles18602 Author Commented:
OK, I'll bite: what is certificate auto-enrollment?
0
 
b1ackhawk Commented:
You could probably use roaming profiles, as long as there's nothing machine-specific in the certificate to prevent this.
0
 
souseran Commented:
Roaming profiles.

Per Microsoft:

User certificates for each user profile are located in the following folder:

systemroot\Documents and Settings\username\Application Data\Microsoft\SystemCertificates\My\Certificates

These certificates are written to the user's personal store in the system registry each time the user logs on to the computer. If roaming profiles are being used, users' certificates are stored on the file server where the roaming user profile is stored.
0
 
charles18602 Author Commented:
These are certificates we get from a vendor to get on their website, not ones we can issue ourselves.
0
 
charles18602 Author Commented:
I thought of roaming profiles, but we have a few sites and some of them do not have very fast network access to pull their profiles across.
0
 
merowinger Commented:
With the utility certmgr.exe (it has a command line for scripting), stored in the Windows SDK, you can write a procedure which copies the certificates to the new PC!
0
 
souseran Commented:
Are you using login scripts at all? If so, can you add the procedure to the users' login scripts?
0
 
charles18602 Author Commented:
Do you have an example of the login script I can use? I am not sure how to pull the certificate out, copy it, and import it on the next PC they log onto.
0
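
The import step of the logon-script approach discussed above, as an added example that is not part of the original thread or any participant's script. It assumes PowerShell 2.0 or later on the clients and a hypothetical per-user share `\\fileserver\usercerts$` holding each user's password-protected `.pfx` and its public `.cer`; the share name, file layout and function name are illustrative.

```powershell
# Added example (not from the thread). Logon script: import the user's
# vendor-issued client certificate and private key into CurrentUser\My,
# but only on PCs where it is not already installed.
# Assumptions: PowerShell 2.0+; \\fileserver\usercerts$ is a hypothetical
# share with one folder per user, readable only by that user, containing
# <user>.pfx (password-protected export) and <user>.cer (public part only).
$X509    = 'System.Security.Cryptography.X509Certificates'
$Folder  = [IO.Path]::Combine('\\fileserver\usercerts$', $env:USERNAME)
$CerPath = [IO.Path]::Combine($Folder, ($env:USERNAME + '.cer'))
$PfxPath = [IO.Path]::Combine($Folder, ($env:USERNAME + '.pfx'))

function Test-CertInstalled($Store, [string]$Thumbprint) {
    # True only if the certificate is present AND has a private key attached.
    $hits = $Store.Certificates.Find('FindByThumbprint', $Thumbprint, $false)
    foreach ($c in $hits) { if ($c.HasPrivateKey) { return $true } }
    return $false
}

# Nothing published for this user: leave the store untouched.
if (-not (Test-Path $PfxPath) -or -not (Test-Path $CerPath)) { return }

# The .cer needs no password, so the "already installed?" check never prompts.
$public = New-Object "$X509.X509Certificate2" $CerPath
$store  = New-Object "$X509.X509Store" 'My', 'CurrentUser'
$store.Open('ReadWrite')
try {
    if (Test-CertInstalled $store $public.Thumbprint) { return }

    # Prompt rather than hard-code: the PFX password is never in the script.
    $pw = Read-Host 'Password for your certificate file' -AsSecureString

    # UserKeySet + PersistKeySet: the key is stored in this user's profile and
    # survives the session. 'Exportable' is deliberately omitted, so the key
    # cannot be exported again from the workstation.
    $flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]'UserKeySet, PersistKeySet'
    $cert  = New-Object "$X509.X509Certificate2" $PfxPath, $pw, $flags

    # Guard against a mismatched .pfx/.cer pair on the share.
    if ($cert.Thumbprint -ne $public.Thumbprint) {
        throw "PFX does not match $CerPath"
    }
    $store.Add($cert)
}
finally {
    $store.Close()
}
```

Because it prompts for the PFX password on the first logon at each PC, the script has to run in a console the user can see. Only the two small certificate files cross the network, not the whole profile.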
 
souseran Commented:
The login script will depend on whether or not you're using an application or writing it yourself. Tools such as ScriptLogic will require that the situation be treated differently. However, merowinger's autoenrollment suggestion might work best. Here is a URL from Microsoft with some more information on that:

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/autoenro.mspx#EFD
0
 
charles18602 Author Commented:
OK, I am really confused now after reading that article on autoenrollment. Maybe I am reading it wrong, but it looks like that only works with certificates that I issue here through a certificate server, and they need a smartcard? We get the certificates from the web site they go to. Will that work? I am completely lost on this.
0
