Solved

Code-signing certificate stores for machine account vs. user account: functional differences?

Posted on 2010-08-19
Last Modified: 2013-11-27
I have a digitally signed Access MDE that I want to push out to roughly 35 workstations around our office, and I want to code sign it such that any authenticated user on a given workstation can run the code.

On a test deploy to one workstation, I did a manual code-signing certificate request that stored the requested certificate in the User certificate store for the local user. I presume this would have to be done for each user account on the machine.

I noticed that there is also a store for the machine account. Can this be used to allow all users on a given machine to run a signed MDE without having to individually request certificates?
Question by:kkamm
LVL 84
ID: 33476317
I don't believe you can do this without installing and configuring a "certificate server" (http://msdn.microsoft.com/en-us/library/aa376539(VS.85).aspx). Otherwise, you'll have to distribute this along with your app.

http://msdn.microsoft.com/en-us/library/Aa141471
LVL 1

Author Comment

by:kkamm
ID: 33481677
I have a CA installed and have successfully signed a couple of MDE files.

I guess my real question is: if a code sign certificate is installed for one local user, will other users be able to run the signed MDEs without having to respond to the trust prompt?

Better yet - can a certificate be pushed to all 35 workstations via group policy? I would like to avoid a 35 workstation walkabout, running through the certificate installation on each.
LVL 84

Accepted Solution

by: Scott McDaniel (Microsoft Access MVP - EE MVE) earned 500 total points
ID: 33483035
<if a code sign certificate is installed for one local user, will other users be able to run the signed MDEs without having to respond to the trust prompt?>

They have to respond once, to allow the install of the certificate (or someone would have to accept that cert for them). Once you've accepted the cert, you shouldn't be prompted again. Note also that supplying a code signing cert is only one step in the process. See the link below for a more complete discussion of everything needed for that:

http://office.microsoft.com/en-us/access-help/frequently-asked-questions-about-access-security-warnings-HA001122598.aspx

<Better yet - can a certificate be pushed to all 35 workstations via group policy?>

I'm not sure about that, but see this EE question that may help:
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_23998225.html
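The user-store versus machine-store distinction raised in the question can be checked directly on a workstation. The following PowerShell is an added example, not code from the thread or from any poster: `Find-CertificateScope` is a hypothetical helper name, and the thumbprint passed at the end is a constructed placeholder to replace with the thumbprint of your own signing certificate.

```powershell
# Added example: report which per-user and per-machine certificate stores
# contain a given certificate. Find-CertificateScope is a hypothetical name.
function Find-CertificateScope {
    param(
        [Parameter(Mandatory)]
        [string]$Thumbprint
    )

    # Strip spaces and invisible characters that copy/paste from the
    # certificate dialog often introduces, then upper-case for lookup.
    $tp = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($tp.Length -ne 40) {
        throw "Expected a 40-hex-digit SHA-1 thumbprint, got $($tp.Length) digits."
    }

    # Every store name that exists under either location on this workstation.
    $storeNames = Get-ChildItem -Path Cert:\CurrentUser, Cert:\LocalMachine |
        Select-Object -ExpandProperty Name -Unique | Sort-Object

    foreach ($name in $storeNames) {
        $inUser    = Test-Path "Cert:\CurrentUser\$name\$tp"
        $inMachine = Test-Path "Cert:\LocalMachine\$name\$tp"
        if (-not ($inUser -or $inMachine)) { continue }

        [pscustomobject]@{
            Store        = $name
            CurrentUser  = $inUser
            LocalMachine = $inMachine
            # A machine-store entry was installed once for the computer;
            # a CurrentUser-only entry belongs to the logged-on account.
            Scope        = if ($inMachine) { 'Machine-wide store' }
                           else { "Per-user store only ($env:USERNAME)" }
        }
    }
}

# Constructed placeholder thumbprint (all zeros); substitute the real value.
Find-CertificateScope -Thumbprint '0000000000000000000000000000000000000000' |
    Format-Table -AutoSize
```

Run it in each user's session: a certificate that shows only under CurrentUser was installed for that account alone. Microsoft's certificate-store documentation states that CurrentUser stores other than Personal (My) also expose the contents of the matching LocalMachine store, which is why a machine-store entry normally shows True in both columns.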