Credit12
Copper Contributor
Nov 28, 2024

Install cert as admin for special user via Windows Admin Center

Hi,

I'm trying to install a cert that a website uses to authenticate the visit. That means I have to install it locally and manually by logging into the user account and installing it under "CurrentUser\My". If I install it for the whole machine under "LocalMachine\My", it is ignored when I try to access the website (it seems Chrome doesn't check these certs). Manually, that works. But I want to make life easier using Windows Admin Center. The problem is that I log into the machine with an admin account. When I navigate to the certificates, there is no option to import a cert for a special (different) user account. Is there a way to install it (maybe via PowerShell) for a special user without knowing his password? I mean, I'm the admin of that machine, I should be able to do that.

Thanks for any help!

  • micheleariis
    Steel Contributor

    Hi, in Windows Admin Center you cannot install certificates directly into another user's CurrentUser\My. 
    You can, however, use the PowerShell section to run a script that loads the user's log (NTUSER.DAT) and imports the certificate into its context.

    Example Script:

    $certPath = "C:\path\to\certificate.pfx"
    $password = ConvertTo-SecureString -String "password" -AsPlainText -Force
    $userProfile = "C:\Users\<UserName>"

    reg load HKU\TempHive "$userProfile\NTUSER.DAT"
    Import-PfxCertificate -FilePath $certPath -CertStoreLocation Cert:\HKU\TempHive\My -Password $password
    reg unload HKU\TempHive

    • Credit12
      Copper Contributor

      Sounds good, I'll try that next week :)

      Do you also have a solution to delete the old expired cert? I think I can identify it via the fingerprint!?

  • Credit12
    Copper Contributor

    What does this mean:

    $password = ConvertTo-SecureString -String "password" -AsPlainText -Force

    Do I have to know the user's password?

  • micheleariis
    Steel Contributor

    No, you don't need to know the user's password. It refers to the password of the certificate file (such as a .pfx file).

  • Credit12
    Copper Contributor

    Unfortunately I get an error @ fifth line:

    Import-PfxCertificate -FilePath $certPath -CertStoreLocation Cert:\HKU\TempHive\My -Password $password

    ->


    Import-PfxCertificate : Der Pfad "Cert:\HKU\TempHive\My" kann nicht gefunden werden, da er nicht vorhanden ist.
    In Zeile:1 Zeichen:1
    Import-PfxCertificate -FilePath $certPath -CertStoreLocation Cert:\HK...
        + CategoryInfo : ObjectNotFound: (Cert:\HKU\TempHive\My:String) [Import-PfxCertificate], ItemNotFoundException
        + FullyQualifiedErrorId : PathNotFound,Microsoft.CertificateServices.Commands.ImportPfxCertificate

    I think the problem is this: "Cert:\HKU\TempHive\My". The path doesn't seem correct.
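
One way to run the import in the target user's own context without knowing their password, as an added example that is not part of any post in this thread: the Cert: drive only exposes the CurrentUser and LocalMachine locations, so the script below stages the PFX and registers a logon task that runs Import-PfxCertificate as that user and removes the expired certificate by thumbprint. The account name, paths, task name and thumbprint are placeholders, and it assumes the machine's execution policy allows running local scripts.

```powershell
# Added example. Run elevated on the target machine (e.g. WAC PowerShell tool).
# Every value in this block is a placeholder or assumption, not from the thread.
$targetUser    = 'PC01\alice'                     # hypothetical account
$stageDir      = 'C:\ProgramData\CertStage'       # hypothetical staging folder
$pfxSource     = 'C:\path\to\certificate.pfx'
$pfxPassword   = 'password'                       # password of the .pfx file
$oldThumbprint = '<THUMBPRINT-OF-EXPIRED-CERT>'   # placeholder
$taskName      = 'Import-ClientCert'              # hypothetical task name

# Staging folder accessible only to Administrators, SYSTEM and the target user.
# Well-known SIDs are used so this also works on non-English Windows.
New-Item -ItemType Directory -Path $stageDir -Force | Out-Null
icacls.exe $stageDir /inheritance:r /grant:r '*S-1-5-32-544:(OI)(CI)F' `
    '*S-1-5-18:(OI)(CI)F' "${targetUser}:(OI)(CI)M" | Out-Null
Copy-Item -Path $pfxSource -Destination "$stageDir\client.pfx" -Force

# Script that will run as the user, so Cert:\CurrentUser\My is their store
# and the private key is protected with their own DPAPI keys.
$userScript = @"
`$ErrorActionPreference = 'Stop'
`$pfx = '$stageDir\client.pfx'
if (-not (Test-Path `$pfx)) { exit 0 }   # already imported on an earlier logon
`$pw = ConvertTo-SecureString -String '$pfxPassword' -AsPlainText -Force
Import-PfxCertificate -FilePath `$pfx -CertStoreLocation Cert:\CurrentUser\My -Password `$pw
`$old = 'Cert:\CurrentUser\My\$oldThumbprint'
if (Test-Path `$old) { Remove-Item -Path `$old -DeleteKey }
# Remove the PFX and this script (it contains the PFX password) after success
Remove-Item -Path `$pfx, `$PSCommandPath -Force
"@
Set-Content -Path "$stageDir\import.ps1" -Value $userScript -Encoding UTF8

# Run it in the user's interactive session at logon; no user password is stored.
$action    = New-ScheduledTaskAction -Execute 'powershell.exe' `
                 -Argument "-NoProfile -File `"$stageDir\import.ps1`""
$trigger   = New-ScheduledTaskTrigger -AtLogOn -User $targetUser
$principal = New-ScheduledTaskPrincipal -UserId $targetUser -LogonType Interactive -RunLevel Limited
Register-ScheduledTask -TaskName $taskName -Action $action -Trigger $trigger -Principal $principal

# Once import.ps1 and client.pfx have disappeared from $stageDir, clean up:
#   Unregister-ScheduledTask -TaskName $taskName -Confirm:$false
```

The PFX password sits in `import.ps1` until the user's next logon, which is why the staging folder's ACL is restricted before anything is copied into it.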
