This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(304, 60%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hi.
Accountants and other employees have many certificates for bank clients and other services.
We are using a terminal farm.
How can I distribute certificates to all users and servers? Without any action on the part of users.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 28.999999999999996%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVW%3C/text%3E%3C/svg%3E)
Hi,
Thank you for your reply
I want to confirm with you, do you mean to install the certificate in the persional store instead of Trusted Root Certification Authorities.
If yes, you can consider the following method
1 Is it a certificate distributed by a CA in the domain, if it can be used auto-enrollment policy:
https://learn.microsoft.com/en-us/windows-server/networking/core-network-guide/cncg/server-certs/configure-server-certificate-autoenrollment
2. If you have other certificates, you can consider script distribution, refer to the following link:
https://social.technet.microsoft.com/Forums/ie/en-US/25ec4817-d631-444d-b7b7-9934f87e8093/deploying-computer-certificate-to-the-personal-computer-store-using-group-policy?forum=winserverGP
Hope this information can help you
Best wishes
Vicky
Hi,
Thank you for posting in our forum
To distribute certificates to client computers by using Group Policy
On a domain controller in the forest of the account partner organization, start the Group Policy Management snap-in.
Find an existing Group Policy Object (GPO) or create a new GPO to contain the certificate settings. Ensure that the GPO is associated with the domain, site, or organizational unit (OU) where the appropriate user and computer accounts reside.
Right-click the GPO, and then click Edit.
In the console tree, open Computer Configuration\Policies\Windows Settings\Security Settings\Public Key Policies, right-click Trusted Root Certification Authorities, and then click Import.
On the Welcome to the Certificate Import Wizard page, click Next.
On the File to Import page, type the path to the appropriate certificate files (for example, \fs1\c$\fs1.cer), and then click Next.
On the Certificate Store page, click Place all certificates in the following store, and then click Next.
On the Completing the Certificate Import Wizard page, verify that the information you provided is accurate, and then click Finish.
Repeat steps 2 through 6 to add additional certificates for each of the federation servers in the farm.
Hope this information can help you
Best wishes
Vicky
It doesn't work for personal certificates
Hi,
How are things going? Could you please send me an update so that we can continue to work on this problem and resolve it? Thanks for your help.
Best wishes
Vicky
I realized that I needed to write a script. But I need time, I have little experience in this.