[Import-Certificate], UnauthorizedAccessException E_ACCESSDENIED when trying to import cert into Cert:\LocalMachine\TrustedPublisher

Julien POULAIN 0 Reputation points
2024-05-17T07:40:14.98+00:00

Hi,

I'm really struggling with this one! So, a bit of context first: I'm using a PowerShell module that I've made on my own. This module automatically creates a Hyper-V VM, installs Windows in it, runs scripts that install applications silently, syspreps and makes all of this into a WIM ready to be deployed with Configuration Manager. I use PowerShell Direct to create remote PS sessions to run the code inside the VM. I do this on the host using Invoke-Command -Session $Session -ScriptBlock $ScriptBlock. $ScriptBlock contains the code to be executed remotely.

In some scripts, I try to import certificates into the local machine TrustedPublisher store to make app installs totally silent. On a fresh Windows install on the VM, it's not working.

The code I'm using for this is

Import-Certificate -FilePath ".\adafruit_industries.cer" -CertStoreLocation "Cert:\LocalMachine\TrustedPublisher"

The error is

Accès refusé. (Exception de HRESULT : 0x80070005 (E_ACCESSDENIED))
+ CategoryInfo          : NotSpecified: (:) [Import-Certificate], UnauthorizedAccessException
+ FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.CertificateServices.Commands.ImportCertificateCommand
+ PSComputerName        : wim-test-wif

Everything is run on the VM with the local administrator account. Since it's a French version of Windows, the account name is Administrateur.

If I log in to the VM with a graphical session using the administrator account, open the Computer Cert Manager app (certlm) and browse what's inside TrustedPublisher, there is nothing. And then, the very same exact code that didn't work before suddenly works! For any certificate! I've tried many things, did a lot of research, and I still cannot understand what's going on.

Oddly, with a fresh install, I can import a certificate into the LocalMachine Root store:

Import-Certificate -FilePath ".\adafruit_industries.cer" -CertStoreLocation "Cert:\LocalMachine\Root"

So I'm wondering what's different that makes it work with the Root store but not the TrustedPublisher one.

I'm also wondering if there is something that needs to be initiated so that the Administrateur user can access the TrustedPublisher store. Does it have something to do with the graphical session or the fact that the account is named Administrateur and not Administrator? I don't know.

Before importing the cert, I tried to Set-Location to the store or to browse it, but nothing changes. I tried with certutil, no better luck.

Any piece of advice would be much appreciated!

Thanks,
