Code-signing certificate stores for machine account vs. user account: functional differences?

I have a digitally signed Access MDE that I want to push out to roughly 35 workstations around our office and I want to code sign it such that any authenticated users on a given workstation can run the code.

On a test deploy to one workstation, I did a manual code-signing certificate request that stored the requested certificate in the User certificate store for the local user. I presume this would have to be done for each user account on the machine.

I noticed that there is also a store for the machine account. Can this be used to allow all users on a given machine to run a signed MDE without having to individually request certificates?
LVL 1
kkammAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Scott McDaniel (Microsoft Access MVP - EE MVE )Infotrakker SoftwareCommented:
I don't believe you can do this without installing and configuring a "certificate server" (http://msdn.microsoft.com/en-us/library/aa376539(VS.85).aspx). Otherwise, you'll have to distribute this along with your app.

http://msdn.microsoft.com/en-us/library/Aa141471
0
kkammAuthor Commented:
I have a CA installed and have successfully signed a couple of MDE files.

I guess my real question is: if a code sign certificate is installed for one local user, will other users be able to run the signed MDEs without having to respond to the trust prompt?

Better yet-can a certificate be pushed to all 35 workstations via group policy? I would like to avoid a 35  workstation walkabout, running through the certificate installation on each.
0
Scott McDaniel (Microsoft Access MVP - EE MVE )Infotrakker SoftwareCommented:
<if a code sign certificate is installed for one local user, will other users be able to run the signed MDEs without having to respond to the trust prompt?>

They have to respond once, to allow the install of the certificate (or someone would have to accept that cert for them). Once you've accepted the cert, you shouldn't be prompted again. Note also that supplying a code signing cert is only one step in the process. See the link below for a more complete discussion of everything needed for that:

http://office.microsoft.com/en-us/access-help/frequently-asked-questions-about-access-security-warnings-HA001122598.aspx

<Better yet-can a certificate be pushed to all 35 workstations via group policy?>

I'm not sure about that, but see this EE question that may help:
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_23998225.html
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Access

From novice to tech pro — start learning today.