question

MahendranM-6808 avatar image
0 Votes"
MahendranM-6808 asked ·

read the certificate from personal store using SCCM in windows 10

Hi Team

we are using SCCM Tool to deploy the package for all windows 10 and reading the system information in store in SCCM DB.

Current requirement : We need to read the certificates from machine level and user level in personal store and saved in SCCM Database

Certificate Location : Personal store

Type of Certificate :
1. Current machine
2. Current user

Operating System : windows 10

Please confirm me whether it is possible

mem-cm-general
· 1
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

It seems the issue is more related to sccm, so I removed the windows-10 tag, thanks for your understanding!

0 Votes 0 ·
GarthJones-MVP avatar image
0 Votes"
GarthJones-MVP answered ·

Is what you looking for built in mecm? No. Can you added this as custom inventory? Yes. A bing search will help you do this.

·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AllenLiu-MSFT avatar image
0 Votes"
AllenLiu-MSFT answered ·

Hi, @MahendranM-6808
Thank you for posting in Microsoft Q&A forum.
SCCM cannot get the certificate information from clients directly like Garth said.
We can first inject certificates info into WMI by using the VBscript Tool.
Then use sccm custom hardware inventory to collect the info from WMI, for the detailed steps, we may refer to Sherry's answer in another thread:
https://social.technet.microsoft.com/Forums/en-US/53170213-4711-49fe-a867-698069a553c0/inventory-computer-certificates-in-wmi?forum=configmanagergeneral


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MahendranM-6808 avatar image
0 Votes"
MahendranM-6808 answered ·

Thanks for your clarifications.

SCCM can read the certificate from Machine level but current user is not working...

OS : Windows 10 and Windows 7

Scripts : Powershell

Cert:\LocalMachine\My --> working fine

Cert:\currentuser\my -->not working

·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

GarthJones-MVP avatar image
0 Votes"
GarthJones-MVP answered ·

You will need to give more details as to why it is not working. What exactly are you doing?

·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

NicholasWalker-0114 avatar image
0 Votes"
NicholasWalker-0114 answered ·

I am trying to do exactly the same thing.
So far I am considering creating a scheduled task that runs when the user logs on to write the user certificate information to WMI. From there it is easy to collect it.

I guess an application/package or even compliance item could be used to create such a scheduled task.

But maybe someone has a some more elegant idea?

· 1 ·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

And is it working? What isn't happening?

0 Votes 0 ·
NicholasWalker-0114 avatar image
0 Votes"
NicholasWalker-0114 answered ·

btw - it is apparently not possible to access user certificate stores when running under system context.
I will be happy if someone proves me wrong here :-)

·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

GarthJones-MVP avatar image
0 Votes"
GarthJones-MVP answered ·

So are you running the deployment in the user content?

· 6 ·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

We need to run in user content but I need to get an idea from Microsoft team with additional support exe will solve the issues

0 Votes 0 ·

What exact do you mean by Microsoft team to support an exe? SCCM supports exe, so....

0 Votes 0 ·

To execute the script from system context to user context like runas current user

0 Votes 0 ·
Show more comments
NicholasWalker-0114 avatar image
0 Votes"
NicholasWalker-0114 answered ·

Sorry, just assumed I would automatically get email notification on activity here...

You are absolutely correct - I just needed to add a user based compliance item to get the user certificates. Strange how I actually answered my own question :-(

Thanks for the virtual shake :-)

·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.