bat file that calls from network share
is it possible to run something like certmgr.exe or a bat file that runs it with paramaters to install a .cer from a network share?
example of certinstall.bat
certmgr -add -c "certname".cer -s -r localmachine root
and have the .cer in the same directory?
example of certinstall.bat
certmgr -add -c "certname".cer -s -r localmachine root
and have the .cer in the same directory?
0 Comments
[ + ] Show comments
Answers (9)
Please log in to answer
Posted by:
blambson
15 years ago
not sure what you mean, but I an verify that the cert is installed.
i have a .cer, certmgr.exe and a .bat that installs the cert on a network share
from any command prompt I can run the following:
\\kboxmngt\client\agent_provisioning\windows_platform\wscert.bat
and install the cert.
How in the new KBOX scripting environment can i run or call the .bat form the network share.
i have a .cer, certmgr.exe and a .bat that installs the cert on a network share
from any command prompt I can run the following:
\\kboxmngt\client\agent_provisioning\windows_platform\wscert.bat
and install the cert.
How in the new KBOX scripting environment can i run or call the .bat form the network share.
Posted by:
anonymous_9363
15 years ago
Posted by:
lindsamw
15 years ago
In the scripting area, just launch a program. Attach your bat file as a dependency. So the program to launch would end up looking something like this “$(KACE_DEPENDENCY_DIR)\batchfile.batâ€Â
Haven't verified if I could point the launch a program thing at a UNC, would assume you could though.
Haven't verified if I could point the launch a program thing at a UNC, would assume you could though.
Posted by:
GillySpy
15 years ago
The KBOX Service runs under the localsystem account. To access the network share it needs rights like any other account. If you want to run a command via another account then you could use the runas batch command and put your batch file as a dependency.
Here's an FAQ that will help with your testing (you will need an active support contract to view it):
http://www.kace.com/support/customer/faq/index.php?action=artikel&cat=5&id=731&artlang=en
Here's an FAQ that will help with your testing (you will need an active support contract to view it):
http://www.kace.com/support/customer/faq/index.php?action=artikel&cat=5&id=731&artlang=en
Posted by:
jkatkace
15 years ago
Attaching the certificate as a dependency gives you the additional benefit of the certificate being hashed and the hash checked before and after being downloaded to the client. Of course, you may want to do your own validation, in addition.
I'd make sure SSL is turned on so it's secure in transit, as well.
There was another thread here about the issues with distributing certificates.
I'd make sure SSL is turned on so it's secure in transit, as well.
There was another thread here about the issues with distributing certificates.
Posted by:
jg1000c
15 years ago
Posted by:
dtuttle
15 years ago
Posted by:
cblake
15 years ago
I was just reading this thread and had a couple of thoughts...
VBScab: This is a KBOX section of the forum. Our friend blambson posted in an appropriate area and asked a relevant question.
blambson: There a a few approaches that are echoed here, such as using a dependacy or mappin a drive inside the script. Dependency is the least fragile. mapping a drive in the script assumes that the password of the account never changes, granting access to local services for network resources could be dangerous if not cone carefully. Multiple dependencies can help here. Upload your script, certificate, and any other possible files needed like "certmgr" that might not be in the path variable on every machine. Thhen you can kick of the script as if everything is in the same folder (because it is). Hope that helps.
VBScab: This is a KBOX section of the forum. Our friend blambson posted in an appropriate area and asked a relevant question.
blambson: There a a few approaches that are echoed here, such as using a dependacy or mappin a drive inside the script. Dependency is the least fragile. mapping a drive in the script assumes that the password of the account never changes, granting access to local services for network resources could be dangerous if not cone carefully. Multiple dependencies can help here. Upload your script, certificate, and any other possible files needed like "certmgr" that might not be in the path variable on every machine. Thhen you can kick of the script as if everything is in the same folder (because it is). Hope that helps.
Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.
so that the conversation will remain readable.