read the certificate from personal store using SCCM in windows 10

Mahendran M 21 Reputation points

Hi Team

we are using SCCM Tool to deploy the package for all windows 10 and reading the system information in store in SCCM DB.

Current requirement : We need to read the certificates from machine level and user level in personal store and saved in SCCM Database

Certificate Location : Personal store

Type of Certificate :

  1. Current machine
  2. Current user

Operating System : windows 10

Please confirm me whether it is possible

Microsoft Configuration Manager
{count} votes

8 answers

Sort by: Most helpful
  1. Garth Jones 2,071 Reputation points

    Is what you looking for built in mecm? No. Can you added this as custom inventory? Yes. A bing search will help you do this.

    0 comments No comments

  2. AllenLiu-MSFT 27,661 Reputation points Microsoft Vendor

    Hi, @Mahendran M
    Thank you for posting in Microsoft Q&A forum.
    SCCM cannot get the certificate information from clients directly like Garth said.
    We can first inject certificates info into WMI by using the VBscript Tool.
    Then use sccm custom hardware inventory to collect the info from WMI, for the detailed steps, we may refer to Sherry's answer in another thread:

    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

  3. Mahendran M 21 Reputation points

    Thanks for your clarifications.

    SCCM can read the certificate from Machine level but current user is not working...

    OS : Windows 10 and Windows 7

    Scripts : Powershell

    Cert:\LocalMachine\My --> working fine

    Cert:\currentuser\my -->not working

    0 comments No comments

  4. Garth Jones 2,071 Reputation points

    You will need to give more details as to why it is not working. What exactly are you doing?

    0 comments No comments

  5. Nicholas Walker 1 Reputation point

    I am trying to do exactly the same thing.
    So far I am considering creating a scheduled task that runs when the user logs on to write the user certificate information to WMI. From there it is easy to collect it.

    I guess an application/package or even compliance item could be used to create such a scheduled task.

    But maybe someone has a some more elegant idea?