Share via

Deploy pfx to users personal cert store for some users

Biju Thankappan 86 Reputation points
2021-08-26T01:57:24.85+00:00

Hi,

I'm looking for a way to deploy pfx file to users personal store when they login next time

I have already gone through this link: https://social.technet.microsoft.com/Forums/ie/en-US/d9c8eb61-5c15-4b81-9b9b-a20477462903/install-pfx-cert-in-user-personal-store-via-gpo?forum=winserverGP

However, owing to security issues, how do I encrypt the password so its not visible to end users? Also needed the powershell version of the script.

Also will the auto enrollment option mentioned in the above link work in this case?

TIA

Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Windows for business | Windows Server | User experience | PowerShell
Windows for business | Windows Server | User experience | Other
Windows for business | Windows Client for IT Pros | User experience | Other
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Limitless Technology 39,926 Reputation points
    2021-08-26T11:35:52.633+00:00

    Hello @Biju Thankappan ,

    Thank you for your question.

    Please follow these steps, it will help you:

    Deploy a profile
    In the Configuration Manager console, go to the Assets and Compliance workspace. Expand Compliance Settings, expand Company Resource Access, and then choose the appropriate profile node. For example, Wi-Fi Profiles.

    In the list of profiles, select the profile that you want to deploy. Then in the Home tab of the ribbon, in the Deployment group, select Deploy.

    In the deploy profile window, specify the following information:

    Collection: Select the collection where you want to deploy the profile.

    Generate an alert: Enable this option to configure an alert. The site generates this alert if the profile compliance is less than the specified percentage by the specified date and time. You can also select whether you want an alert to be sent to System Center Operations Manager.

    Random delay (hours): For certificate profiles that contain Simple Certificate Enrollment Protocol (SCEP) settings, specify a delay window to avoid excessive processing on the Network Device Enrollment Service (NDES). The default value is 64 hours.

    Specify the compliance evaluation schedule for this...profile: Specify how often the client evaluates compliance for this profile. Select a Simple schedule or configure a Custom schedule. By default, the simple schedule is every 12 hours.

    Select OK to close the window and create the deployment.

    For more information please go through this link:
    https://learn.microsoft.com/en-us/mem/configmgr/protect/deploy-use/deploy-wifi-vpn-email-cert-profiles

    If the reply was helpful, please don't forget to upvote or accept as answer.

    Thanks,

    Bharti B

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.