I located an article where a user wrote a bat and vbs script to silently install a certificate to their clients' machines in the Peronal store for each user:
Since Group Policy and Group Policy Preferences didn’t offer a way to import a .PFX certificate into a user’s Personal certificate store, I turned to scripting the solution.
I first placed the vendorcertificate.pfx on a network share (e.g. %LOGONSERVER%\netlogon\certificates\vendorcertificate.pfx).
Next I created a .BAT script named import-certificate.bat which runs this command:
certutil -f -user -p "CertificatePassword" -importpfx "%LOGONSERVER%\netlogon\certificates\vendorcertificate.pfx"
I then created a .VBS script named import-certificate-silently.vbs that will run the import-certificate.bat script silently (so the user does not see a flash of the CMD window when this runs):
Set oShell = CreateObject ("Wscript.Shell")
Dim strArgs
strArgs = "cmd /c %LOGONSERVER%\netlogon\certificates\import-certificate.bat"
oShell.Run strArgs, 0, falseI'm testing this on my local machine before pushing it out to my clients. I'm importing a .cer file so changed the script slightly:
certutil -f -user -importcert "\\server\path\certificate.cer"
This works perfectly; it brings up the certificate installation window and I can direct it to install to for the current user and select to install in the Personal store.
However, running the VBS script above (edited path to my file, of course) yields no results. I just get a quick processing circle flash and the certificate doesn't install.
Any advice on what I'm missing or another avenue to push this certificate easily to all client users' Personal stores?