KACE Product Support

How hard would it be to test that?!? :)

not sure what you mean, but I an verify that the cert is installed.

i have a .cer, certmgr.exe and a .bat that installs the cert on a network share
from any command prompt I can run the following:
\\kboxmngt\client\agent_provisioning\windows_platform\wscert.bat

and install the cert.

How in the new KBOX scripting environment can i run or call the .bat form the network share.

So it's a question about KBox....it kind of helps to say that at th eoutset, since this is a generic 'Scripting' forum.

Unfortunately, I don't know KBox, preferring to use industry-standard stuff like VBScript or PowerShell.

Any KBoxers out there?

In the scripting area, just launch a program. Attach your bat file as a dependency. So the program to launch would end up looking something like this “$(KACE_DEPENDENCY_DIR)\batchfile.bat”

Haven't verified if I could point the launch a program thing at a UNC, would assume you could though.

The KBOX Service runs under the localsystem account. To access the network share it needs rights like any other account. If you want to run a command via another account then you could use the runas batch command and put your batch file as a dependency.

Here's an FAQ that will help with your testing (you will need an active support contract to view it):
http://www.kace.com/support/customer/faq/index.php?action=artikel&cat=5&id=731&artlang=en

Attaching the certificate as a dependency gives you the additional benefit of the certificate being hashed and the hash checked before and after being downloaded to the client. Of course, you may want to do your own validation, in addition.

I'd make sure SSL is turned on so it's secure in transit, as well.

There was another thread here about the issues with distributing certificates.

Why don't you just copy the batch file to the pc and execute the command locally? you can specify the path of the certs in the script.

you need to map a drive with a username/password, then access it from there.... then disconnect it.

I was just reading this thread and had a couple of thoughts...

VBScab: This is a KBOX section of the forum. Our friend blambson posted in an appropriate area and asked a relevant question.

blambson: There a a few approaches that are echoed here, such as using a dependacy or mappin a drive inside the script. Dependency is the least fragile. mapping a drive in the script assumes that the password of the account never changes, granting access to local services for network resources could be dangerous if not cone carefully. Multiple dependencies can help here. Upload your script, certificate, and any other possible files needed like "certmgr" that might not be in the path variable on every machine. Thhen you can kick of the script as if everything is in the same folder (because it is). Hope that helps.