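' Logon-script launcher: starts ImportPFX.ps1 from the NETLOGON share in a hidden
' PowerShell window. Replace <domain> with the AD domain name.
'
' NOTE(security): "-executionpolicy bypass" means PowerShell does not check a
' signature on the script, so its integrity rests entirely on the share and NTFS
' permissions of the NETLOGON folder. Keep write access to
' \netlogon\Certificates limited to administrators and audit changes there.
' "-windowstyle hidden" also hides any error, so a failed import is silent
' unless the script itself logs it.
'
' The statements are on separate lines and use plain ASCII quotes; the
' typographic quotes produced by web formatting are not valid VBScript.
Set objShell = CreateObject("WScript.Shell")
objShell.Run "powershell -executionpolicy bypass -windowstyle hidden -file \\<domain>\netlogon\Certificates\ImportPFX.ps1"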
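function Import-PfxCertificate {
    <#
    .SYNOPSIS
    Loads a PFX file and adds the certificate to a Windows certificate store.

    .PARAMETER certPath
    Path to the .pfx file.

    .PARAMETER certRootStore
    Store location passed to X509Store (default "CurrentUser").

    .PARAMETER certStore
    Store name passed to X509Store (default "My").

    .PARAMETER pfxPass
    Password of the PFX file. When omitted, the function prompts for it as a
    SecureString, which keeps the password out of the script text.

    .NOTES
    Windows 8 / Server 2012 and later ship a PKI-module cmdlet with this same
    name. A function defined in the script takes precedence over the cmdlet, so
    calls in this script resolve to the definition below.
    #>
    param([String]$certPath,[String]$certRootStore = "CurrentUser",[String]$certStore = "My",$pfxPass = $null)

    $pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2

    # $null on the left so the comparison is a plain null test whatever type $pfxPass has.
    if ($null -eq $pfxPass) { $pfxPass = Read-Host "Enter the pfx password" -AsSecureString }

    # NOTE(security): "Exportable" marks the imported private key as exportable
    # from the store. Kept for compatibility with the original behaviour; drop
    # it (leave "PersistKeySet") if users have no need to export the key again.
    $pfx.Import($certPath, $pfxPass, "Exportable,PersistKeySet")

    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store($certStore, $certRootStore)
    try {
        $store.Open("MaxAllowed")
        $store.Add($pfx)
    }
    finally {
        # Always release the store handle, including when Open or Add fails.
        $store.Close()
    }
}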
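#*=============================================================================
#* SCRIPT BODY
#*=============================================================================
# Call the "Import-PfxCertificate" function.
#
# NOTE(security): the PFX password is written in clear text on the line below.
# The launcher runs this script from the NETLOGON share, which is normally
# readable by every authenticated domain account, so anyone who can read this
# file and the .pfx can recover the private key. Restrict read access on the
# script and the .pfx to the intended AD group, treat the password as
# disclosed when rotating certificates, and prefer per-user enrollment (for
# example AD CS autoenrollment) where a shared PFX is not strictly required.
#
# Arguments are passed by name and use plain ASCII quotes; the call is
# otherwise the same as the positional form.
Import-PfxCertificate -certPath "<path to certificate>\<Certificate.pfx>" -certRootStore "CurrentUser" -certStore "My" -pfxPass "<password>"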
Import-PfxCertificate Command Syntax
Import-PfxCertificate
“<path to certificate>\<Certificate.pfx>” = Location of the Certificate File
“CurrentUser” = Store location (the current user's certificate stores)
“My” = Personal Cert Store
“<Password>” = Password of the PFX Certificate
I created an additional GPO and modified the Logon Script path to run the vbs file above.
In our case we wanted to deploy the certificates to users in a certain AD Group.