After a lot of unsuccessful tries (even with Appsense Personalization Manager it’s hard to save and restore user certificates, if AppData is not redirected), I found a valuable way to export and import user certificates at Logoff / Logon.
- Powershell 2.0 installed
- Execution Policy must be set accordingly
- Users logging on / off must have the permission to execute scripts of course
These two scripts do the job.
- Exports all user certificates to a destination folder in a PKCS12 format (.pfx)
- Accepts filters based on issuer attributes
- Exports User or Machine Certificates from local cert store
Powershell.exe ./ExportCert.ps1 <destinationpath> <certstore> [optional <filter>]
Powershell.exe C:\Scripts\ExportCert.ps1 H:\Profile\Certs CurrentUser DC=Microsoft
This command exports all user certificates from CurrentUser store to H:\Profile\Certs and excludes certificates where issuer attribute contains “DC=Microsoft”
- Imports all Certificates within a given folder into User or Machine cert store
Powershell.exe ./ImportCert.ps1 <sourcepath> <certstore>
Powershell.exe C:\Scripts\ImportCert.ps1 H:\Profile\Certs CurrentUser
This command imports all user certificates into the CurrentUser store to H:\Profile\Certs
Integrating the scripts into a Appsense Environment Manager Config
As currently the Appsense EM does not support Powershell scripts as custom actions, we have to wrap the call of powershell scripts around a simple VBscript. If you download the scripts here, you’ll find usable examples for how to call the Import / Export Scripts at logon / logoff using EM custom actions.
- The scripts are provided as they are without any warranty. Use at your own risk
- The password for private key protection of the PFX is not that strong as it has to be automatically set on import, but I’m currently thinking about other possibilities.
- Any bugs or feature requests are welcome