Code-signing certificate stores for machine account vs. user account: functional differences?

I have a digitally signed Access MDE that I want to push out to roughly 35 workstations around our office, and I want to code sign it such that any authenticated user on a given workstation can run the code.

On a test deploy to one workstation, I did a manual code-signing certificate request that stored the requested certificate in the User certificate store for the local user. I presume this would have to be done for each user account on the machine.

I noticed that there is also a store for the machine account. Can this be used to allow all users on a given machine to run a signed MDE without having to individually request certificates?
kkamm Asked:
 
Scott McDaniel (Microsoft Access MVP - EE MVE), Infotrakker Software, Commented:
<if a code sign certificate is installed for one local user, will other users be able to run the signed MDEs without having to respond to the trust prompt?>

They have to respond once, to allow the install of the certificate (or someone would have to accept that cert for them). Once you've accepted the cert, you shouldn't be prompted again. Note also that supplying a code signing cert is only one step in the process. See the link below for a more complete discussion of everything needed for that:

http://office.microsoft.com/en-us/access-help/frequently-asked-questions-about-access-security-warnings-HA001122598.aspx

<Better yet, can a certificate be pushed to all 35 workstations via group policy?>

I'm not sure about that, but see this EE question that may help:
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_23998225.html
 
Scott McDaniel (Microsoft Access MVP - EE MVE), Infotrakker Software, Commented:
I don't believe you can do this without installing and configuring a "certificate server" (http://msdn.microsoft.com/en-us/library/aa376539(VS.85).aspx). Otherwise, you'll have to distribute this along with your app.

http://msdn.microsoft.com/en-us/library/Aa141471
 
kkamm (Author) Commented:
I have a CA installed and have successfully signed a couple of MDE files.

I guess my real question is: if a code sign certificate is installed for one local user, will other users be able to run the signed MDEs without having to respond to the trust prompt?

Better yet, can a certificate be pushed to all 35 workstations via group policy? I would like to avoid a 35-workstation walkabout, running through the certificate installation on each.