I need to deploy a certificate to a mix of Windows machines, including XP, Win7, Server 2003 and 2008, for the purposes of using Locally Published Updates with WSUS. This is a Samba 3 network, so there are no GPO or similar tools available to me.
This question asks the same basic question but the OP in that case was able to utilise SCCM, which we don't have. Is there a viable way of doing this without the use of GPO or machine startup scripts (the implementation of which presents the same problems as I am currently facing)?
I believe you could use the certutil utility to install the certificate
Perhaps the following link may help:
http://mumblestiltskin.blogspot.com.au/2010/06/automating-installingimporting-pfx.html
He has detailed a couple of scenarios and a batch file that deploys a certificate to the local machine store.
The link posted by Enigman got me pretty close but the certificate I have is a cer, not a pfx (which I've never come across before). Plus the certificate needs to be put in two places on each machine. The solution which worked for me was to use these two lines in a batch file:
An important point to remember, at least for Win7 and Server 2008 targets, and I presume 2012 also, is that the batch file must be run as Administrator on the machine sending out the commands, which is a key step I'd left out previously. The username used in the commands should of course also have admin rights on the target.