Make a SCCM Deployment dependent on the presence of a User Certificate
We are trying to deploy a certain configuration to our clients where the presence of a specific user certificate is a requirement.
That means that I need to find a way to deploy that SCCM configuration only if that client has that certificate before that deployment is being triggered.
The problem here is that this configuration will only work if that certain cert is already present, which means that if we deploy it to a client without the certificate available, it will cause the client to not be able to access the domain anymore.
Answers (1)
I had a quick Google, and Google states you cannot look into another user's Cert Store.
So with that in mind, what you could do is create a script that runs in the user context and checks for the cert, and if the cert is found then put a marker down, i.e. most easily a file somewhere in the C drive. You could try HKLM, but the user will not likely have access.
With the above, you could either do a hardware inventory for the file and create a collection off the results, or just have the file existing as a requirement before it runs.
It's not the best, but it will be better than nothing.
Remember to test, test, test!
And also give some thought to other users who might use the computer but not have the cert.
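The user-context check and marker file described in the answer, as an added example that is not part of the original post. The thumbprint placeholder, the marker folder under ProgramData, the per-user (SID) marker name and the function name are assumptions; the script also treats an expired or not-yet-valid certificate as absent and removes a stale marker, which goes beyond what the answer states.

```powershell
# Added example: run in the logged-on user's context, not as SYSTEM,
# because Cert:\CurrentUser is only the store of the account running the script.
# $Thumbprint and $MarkerDir are placeholders/assumptions, not values from the post.
$Thumbprint = '<REQUIRED-CERT-THUMBPRINT>'
$MarkerDir  = Join-Path $env:ProgramData 'UserCertMarker'   # hypothetical folder

function Test-RequiredUserCert {
    param([Parameter(Mandatory)][string]$Thumbprint)

    # Thumbprints copied from the certificate dialog often carry spaces or
    # invisible characters; keep only the hex digits before comparing.
    $wanted = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    $now    = Get-Date

    $match = Get-ChildItem -Path Cert:\CurrentUser\My |
        Where-Object {
            $_.Thumbprint -eq $wanted -and
            $_.NotBefore  -le $now -and   # assumption: must already be valid
            $_.NotAfter   -gt $now        # assumption: must not be expired
        }
    return [bool]$match
}

# One marker per user (named by SID), so a second user of the same PC
# does not inherit the first user's result.
$sid    = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
$marker = Join-Path $MarkerDir "$sid.present"

if (Test-RequiredUserCert -Thumbprint $Thumbprint) {
    # Assumes standard users may create files under ProgramData (the Windows
    # default); otherwise pre-create the folder with suitable permissions.
    New-Item -ItemType Directory -Path $MarkerDir -Force | Out-Null
    Set-Content -Path $marker -Value (Get-Date -Format o)
}
elseif (Test-Path -LiteralPath $marker) {
    # Certificate missing or no longer valid: clear the stale marker so the
    # inventory or requirement check stops matching for this user.
    Remove-Item -LiteralPath $marker -Force
}
```

The marker is written by the user, so it works as a deployment gate rather than a security control. A collection or requirement that matches on any marker in the folder still admits machines where a different user lacks the certificate.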