Solved

Code-signing certificate stores for machine account vs. user account: functional differences?

Posted on 2010-08-19
3
619 Views
Last Modified: 2013-11-27
I have a digitally signed Access MDE that I want to push out to roughly 35 workstations around our office and I want to code sign it such that any authenticated users on a given workstation can run the code.

On a test deploy to one workstation, I did a manual code-signing certificate request that stored the requested certificate in the User certificate store for the local user. I presume this would have to be done for each user account on the machine.

I noticed that there is also a store for the machine account. Can this be used to allow all users on a given machine to run a signed MDE without having to individually request certificates?
0
Comment
Question by:kkamm
  • 2
3 Comments
 
LVL 84
ID: 33476317
I don't believe you can do this without installing and configuring a "certificate server" (http://msdn.microsoft.com/en-us/library/aa376539(VS.85).aspx). Otherwise, you'll have to distribute this along with your app.

http://msdn.microsoft.com/en-us/library/Aa141471
0
 
LVL 1

Author Comment

by:kkamm
ID: 33481677
I have a CA installed and have successfully signed a couple of MDE files.

I guess my real question is: if a code sign certificate is installed for one local user, will other users be able to run the signed MDEs without having to respond to the trust prompt?

Better yet-can a certificate be pushed to all 35 workstations via group policy? I would like to avoid a 35  workstation walkabout, running through the certificate installation on each.
0
 
LVL 84

Accepted Solution

by:
Scott McDaniel (Microsoft Access MVP - EE MVE ) earned 500 total points
ID: 33483035
<if a code sign certificate is installed for one local user, will other users be able to run the signed MDEs without having to respond to the trust prompt?>

They have to respond once, to allow the install of the certificate (or someone would have to accept that cert for them). Once you've accepted the cert, you shouldn't be prompted again. Note also that supplying a code signing cert is only one step in the process. See the link below for a more complete discussion of everything needed for that:

http://office.microsoft.com/en-us/access-help/frequently-asked-questions-about-access-security-warnings-HA001122598.aspx

<Better yet-can a certificate be pushed to all 35 workstations via group policy?>

I'm not sure about that, but see this EE question that may help:
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_23998225.html
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article outlines the process to identify and resolve account lockout in an Active Directory environment.
February 24, 2017 — On February 23, Travis Ormandy, a vulnerability researcher at Google, reported on Twitter (https://twitter.com/taviso/status/834900838837411840) that massive stores of data have been leaked by CloudFlare, a company that provide…
In Microsoft Access, learn how to use Dlookup and other domain aggregate functions and one method of specifying a string value within a string. Specify the first argument, which is the expression to be returned: Specify the second argument, which …
With Microsoft Access, learn how to specify relationships between tables and set various options on the relationship. Add the tables: Create the relationship: Decide if you’re going to set referential integrity: Decide if you want cascade upda…

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question