I have created a bat file to install a certificate in a user's CurrentUser Trusted Root CA store if a CA thumbprint is not found; however, I want to install this without the install dialog popping up for the user to click install. Is this even possible? I have seen some posts on here regarding PowerShell and bypassing execution policies, but they still did not solve my issue regarding installing the cert without user interaction. Can this be done from a cmd and a bat file?

My script so far:

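```bat
@ECHO OFF
REM Add C:/myCert.cer to the CurrentUser Trusted Root store unless a certificate with this thumbprint is already present.
REM Single quotes are used inside the PowerShell command so they do not end the cmd double-quoted string.
powershell -command "if (-not (dir cert:\currentuser\root | Where-Object {$_.Thumbprint -eq '2983b93a21c8e5bf6528b798f5782dfdfd9dbab2c'})) {$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2; $cert.Import('C:/myCert.cer'); $store = New-Object System.Security.Cryptography.X509Certificates.X509Store('Root', 'CurrentUser'); $store.Open('ReadWrite'); $store.Add($cert); $store.Close();}"
```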

I would format my command, but adding a newline character to the cmd code does not seem to be allowed.

Irish Redneck
  • Technically your question is not about an issue with your posted code, it is about whether you can add a certificate to a user's store without Windows security prompting that user. For that reason, I'd suggest that you may have been better posting your question to [Super User](https://superuser.com/questions/ask), which deals with software and Operating Systems instead. _Also FYI, as the issue is the GUI prompt when adding the certificate, it has no relationship to the tags [cmd] or [batch-file], which are simply a medium from which you invoked your [powershell] command._ – Compo Sep 15 '21 at 13:11
  • I would optimize code like this: `if (!(Test-Path cert:\currentuser\root\2983b93a21c8e5bf6528b798f5782dfdfd9dbab2c)) {Import-Certificate -FilePath c:\myCert.cer -CertStoreLocation Cert:\CurrentUser\Root}`. But it seems that "Trusted Root Certification Authorities" is protected by UAC. – Daemon-5 Sep 15 '21 at 16:49
  • To confirm the certificate import you can use the following tricky way. Find the confirmation dialog window. Get the window's handle. Find the "Yes" button handle. Then send a `BM_CLICK` message to the button with [SendMessage](http://learn.microsoft.com/ru-ru/windows/win32/api/winuser/nf-winuser-sendmessage). This is a [window search example](https://stackoverflow.com/questions/25780138/). – Daemon-5 Sep 15 '21 at 17:15

0 Answers