+1.
We just rolled out new root and intermediate certs to 1600 machines via GPO. Now dealing with the private cert store Firefox keeps is another matter... Then there are the Macs... -sc From: Andrew S. Baker [mailto:[email protected]] Sent: Monday, April 18, 2011 3:03 PM To: NT System Admin Issues Subject: Re: Help with Run as Administrator Compatibility mode - UAC in Windows 7 If UAC were that easily bypassed, it would be thoroughly abused by malware... If you have a Windows Domain, then use a GPO to add the cert to everyone's system. Or set it up as a one-time scheduled job. The SYSTEM rights should be sufficient. Or, try to use CPUA http://www.joeware.net/freetools/tools/cpau/index.htm ASB (Professional Bio <http://about.me/Andrew.S.Baker/bio> ) Harnessing the Advantages of Technology for the SMB market... On Mon, Apr 18, 2011 at 2:46 PM, Jonathan <[email protected]> wrote: Ok, I'm beating my head against the wall here, and Google isn't providing me much by way of insight. I believe this is a UAC issue, but being new to Win7 (I never used Vista), I'm at a loss. I need to install a certificate to the Trusted Root store via a batch file. The trick is, this is being done on laptops that are remotely connected via vpn and are not members of the domain. I've got this command in my batch file: certmgr.exe -add mycertname.cer -s -r localMachine ROOT It works like a champ IF I travel to where I have copied CertMgr.exe (in this case I used the env variable %TEMP%) and right click on certmgr.exe. I go into the compatibility tab and click the checkbox for "Run as Administrator". Is there any way to change that setting from the command line? I'm trying to make this batch as silent and end-user friendly as possible, and this is the ONLY thing keeping me from deploying it. -- Jonathan, A+, MCSA, MCSE ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
