GPO propagates certificate to Trusted People instead of Personal folder

Auntiejack 201 Reputation points
2021-01-14T00:04:12.417+00:00

Hi,

I have a GPO which pushes a certificate to specific users. In the GP Management Editor, the certificate is located at 'User Configuration / Policies / Windows Settings / Security Settings / Public Key Policies / Trusted People'. I got it working after this advice - thanks FanFan https://learn.microsoft.com/answers/answers/228765/view.html

However, GP pushes the certificate to the client machine Certificate Store under 'Certificates - Current User / Trusted People'. This doesn't get picked up by SQL Server to decrypt the columns, because the default location for master key certificates is 'Certificates - Current User / Personal'.

Can I force the GP to push the certificate to the 'Personal' folder instead of 'Trusted People'? Or can I change the location for SQL Server master key certificates?

Thanks,

Jack


Accepted answer
  1. Fan Fan 15,336 Reputation points Microsoft Vendor
    2021-01-14T03:36:55.153+00:00

    Hi,

    For the GPO part, based on my research, there is no such setting to push the certificate to the 'Personal' folder instead of 'Trusted People'.
    But a logon script and scheduled task can be considered to do this.
    The following link is for your reference:
    https://jasonpearce.com/2012/02/02/import-pfx-certificate-via-group-policy-preferences/ (Third-party link)
    This response contains a third-party link. We provide this link for easy reference. Microsoft cannot guarantee the validity of any information and content in this link.
    Best Regards,

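A sketch of the logon-script approach suggested in the accepted answer, as an added example that is not part of the thread or of the linked article: it imports a PFX into 'Certificates - Current User / Personal' (`Cert:\CurrentUser\My`) and checks the result. The share path and thumbprint are placeholders, and it assumes the PFX was exported with `Export-PfxCertificate -ProtectTo` for the users' AD group, so no password has to be stored in the script.

```powershell
# Added example: per-user logon script (assign via GPO under User Configuration).
$ErrorActionPreference = 'Stop'

# Assumptions / placeholders: replace with your own values.
$PfxPath    = '\\fileserver.example.com\certs$\cmk.pfx'  # hypothetical share; limit read access to the target group
$Thumbprint = '<EXPECTED-CERT-THUMBPRINT>'                # placeholder for the master key certificate thumbprint
$Store      = 'Cert:\CurrentUser\My'                      # "Certificates - Current User / Personal"

# Idempotent: do nothing if the certificate and its private key are already present.
$existing = Get-ChildItem -Path $Store |
    Where-Object { $_.Thumbprint -eq $Thumbprint -and $_.HasPrivateKey }
if ($existing) { return }

if (-not (Test-Path -LiteralPath $PfxPath)) {
    throw "PFX not reachable at $PfxPath"
}

# No -Password: assumes the PFX is protected to the user's AD group (-ProtectTo on export).
# No -Exportable: the private key is marked non-exportable in the user's profile.
$imported = Import-PfxCertificate -FilePath $PfxPath -CertStoreLocation $Store

# Verify that the expected certificate arrived with its private key.
$ok = $imported |
    Where-Object { $_.Thumbprint -eq $Thumbprint -and $_.HasPrivateKey }

if (-not $ok) {
    # Roll back anything this run imported, including the key material.
    foreach ($cert in $imported) {
        Remove-Item -Path "$Store\$($cert.Thumbprint)" -DeleteKey
    }
    throw "File at $PfxPath did not contain certificate $Thumbprint; import rolled back."
}
```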

1 additional answer

  1. Auntiejack 201 Reputation points
    2021-01-14T03:55:52.03+00:00

    Thanks FanFan, checking out the link. That may be the way to go.
    Jack

