Code-signing certificate stores for machine account vs. user account: functional differences?

Posted on 2010-08-19
Last Modified: 2013-11-27
I have a digitally signed Access MDE that I want to push out to roughly 35 workstations around our office and I want to code sign it such that any authenticated users on a given workstation can run the code.

On a test deploy to one workstation, I did a manual code-signing certificate request that stored the requested certificate in the User certificate store for the local user. I presume this would have to be done for each user account on the machine.

I noticed that there is also a store for the machine account. Can this be used to allow all users on a given machine to run a signed MDE without having to individually request certificates?
Question by:kkamm
ID: 33476317
I don't believe you can do this without installing and configuring a "certificate server" (http://msdn.microsoft.com/en-us/library/aa376539(VS.85).aspx). Otherwise, you'll have to distribute this along with your app.

http://msdn.microsoft.com/en-us/library/Aa141471
Author Comment

by:kkamm
ID: 33481677
I have a CA installed and have successfully signed a couple of MDE files.

I guess my real question is: if a code sign certificate is installed for one local user, will other users be able to run the signed MDEs without having to respond to the trust prompt?

Better yet, can a certificate be pushed to all 35 workstations via group policy? I would like to avoid a 35-workstation walkabout, running through the certificate installation on each.
Accepted Solution

by: Scott McDaniel (Microsoft Access MVP - EE MVE) earned 500 total points
ID: 33483035
<if a code sign certificate is installed for one local user, will other users be able to run the signed MDEs without having to respond to the trust prompt?>

They have to respond once, to allow the install of the certificate (or someone would have to accept that cert for them). Once you've accepted the cert, you shouldn't be prompted again. Note also that supplying a code signing cert is only one step in the process. See the link below for a more complete discussion of everything needed for that:

http://office.microsoft.com/en-us/access-help/frequently-asked-questions-about-access-security-warnings-HA001122598.aspx

<Better yet, can a certificate be pushed to all 35 workstations via group policy?>

I'm not sure about that, but see this EE question that may help:
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_23998225.html
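An added example, not part of the original thread or any poster's code: a read-only PowerShell check for the user-store versus machine-store question above, reporting whether a signing certificate is trusted as a publisher for every user of the workstation or only for the logged-on user. It assumes Access records publisher trust in the Windows Trusted Publishers store; the function names and the thumbprint placeholder are hypothetical.

```powershell
# Added example (not from the thread). Read-only: it changes no store.
param(
    # Assumption: placeholder; pass the thumbprint of your own signing cert.
    [string]$Thumbprint = '<SIGNING-CERT-THUMBPRINT>'
)

$CodeSigningOid = '1.3.6.1.5.5.7.3.3'   # Enhanced Key Usage: Code Signing

# Hypothetical helper: return the matching certificate from one store, or $null.
function Find-CertInStore {
    param([string]$Location, [string]$Store, [string]$Thumbprint)
    Get-ChildItem -Path "Cert:\$Location\$Store" -ErrorAction SilentlyContinue |
        Where-Object { $_.Thumbprint -eq $Thumbprint } |
        Select-Object -First 1
}

# Hypothetical helper: classify how widely the publisher is trusted here.
function Get-PublisherTrustScope {
    param([string]$Thumbprint)
    $clean = ($Thumbprint -replace '\s', '').ToUpperInvariant()

    # The machine store is shared by every account on the workstation.
    $machine = Find-CertInStore LocalMachine TrustedPublisher $clean
    # The user view also shows machine-store entries, so a hit here alone
    # means "this account only" only when the machine store has no match.
    $user = Find-CertInStore CurrentUser TrustedPublisher $clean
    $cert = if ($machine) { $machine } else { $user }

    $scope = if ($machine) { 'AllUsersOnThisMachine' } elseif ($user) { 'CurrentUserOnly' } else { 'NotTrusted' }

    # False when the certificate carries no Code Signing EKU entry at all.
    $hasEku = [bool]($cert.EnhancedKeyUsageList |
        Where-Object { $_.ObjectId -eq $CodeSigningOid })

    [pscustomobject]@{
        Thumbprint        = $clean
        Scope             = $scope
        Subject           = if ($cert) { $cert.Subject } else { $null }
        NotAfter          = if ($cert) { $cert.NotAfter } else { $null }
        HasCodeSigningEku = $hasEku
        # Verify() builds the chain, so an internal CA's root must be trusted too.
        ChainValid        = if ($cert) { $cert.Verify() } else { $false }
    }
}

Get-PublisherTrustScope -Thumbprint $Thumbprint
```

Run it once under two different accounts on the test workstation: a result of `CurrentUserOnly` for one account and `NotTrusted` for the other shows trust that was granted per user rather than per machine.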