Solved

Importing a certificate fails due to lack of permissions

Posted on 2013-12-03
2
192 Views
Last Modified: 2013-12-06
Hello
Attempting to import 2 certs on a Windows 7 clients into the users personal user store and the CA stores with a CertUtil bat script. The script works fine but, only when the logged in user has local administrator rights. Any idea's how I get these scripts to run without giving the user local administrator rights? Open to other ideas and approaches as well.
Thanks
0
Comment
Question by:jwill80
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 18

Accepted Solution

by:
Steven Harris earned 500 total points
ID: 39693990
You can have the script call itself with PsExec's -h option to run elevated.

or you can move over to PowerShell which can run most of the cmd scripts.

If (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator"))

{   
$arguments = "& '" + $myinvocation.mycommand.definition + "'"
Start-Process powershell -Verb runAs -ArgumentList $arguments
Break
}

#YOUR CODE HERE

Open in new window

0
 
LVL 1

Author Comment

by:jwill80
ID: 39700573
Thanks. Tried using a power shell script and it imports the machine cert into the users personal machine store, and used GPO to target the root  cert. However, the client isn't authenticating even thought the certs are in the proper stores. Reviewing logs to see what the issue is.
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
By default the complete memory dump option is disabled in windows . If we want to enable the complete memory dump for a diagnostic purpose, we have a solution for it. here we are using the registry method to enable this.
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
This Micro Tutorial will give you a introduction in two parts how to utilize Windows Live Movie Maker to its maximum editing capability. This will be demonstrated using Windows Live Movie Maker on Windows 7 operating system.
Suggested Courses

626 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question