Deploy pfx to users personal cert store for some users

Biju Thankappan 86 Reputation points
2021-08-26T01:57:24.85+00:00

Hi,

I'm looking for a way to deploy pfx file to users personal store when they login next time

I have already gone through this link: https://social.technet.microsoft.com/Forums/ie/en-US/d9c8eb61-5c15-4b81-9b9b-a20477462903/install-pfx-cert-in-user-personal-store-via-gpo?forum=winserverGP

However, owing to security issues, how do I encrypt the password so its not visible to end users? Also needed the powershell version of the script.

Also will the auto enrollment option mentioned in the above link work in this case?

TIA

Windows
Windows
A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.
4,798 questions
Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,205 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
5,932 questions
Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
5,389 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Limitless Technology 39,391 Reputation points
    2021-08-26T11:35:52.633+00:00

    Hello @Biju Thankappan ,

    Thank you for your question.

    Please follow these steps, it will help you:

    Deploy a profile
    In the Configuration Manager console, go to the Assets and Compliance workspace. Expand Compliance Settings, expand Company Resource Access, and then choose the appropriate profile node. For example, Wi-Fi Profiles.

    In the list of profiles, select the profile that you want to deploy. Then in the Home tab of the ribbon, in the Deployment group, select Deploy.

    In the deploy profile window, specify the following information:

    Collection: Select the collection where you want to deploy the profile.

    Generate an alert: Enable this option to configure an alert. The site generates this alert if the profile compliance is less than the specified percentage by the specified date and time. You can also select whether you want an alert to be sent to System Center Operations Manager.

    Random delay (hours): For certificate profiles that contain Simple Certificate Enrollment Protocol (SCEP) settings, specify a delay window to avoid excessive processing on the Network Device Enrollment Service (NDES). The default value is 64 hours.

    Specify the compliance evaluation schedule for this...profile: Specify how often the client evaluates compliance for this profile. Select a Simple schedule or configure a Custom schedule. By default, the simple schedule is every 12 hours.

    Select OK to close the window and create the deployment.

    For more information please go through this link:
    https://learn.microsoft.com/en-us/mem/configmgr/protect/deploy-use/deploy-wifi-vpn-email-cert-profiles

    If the reply was helpful, please don't forget to upvote or accept as answer.

    Thanks,

    Bharti B

    0 comments