Hi all i have encountered a strange issue. I have a script that runs after windows 10 setup and i want to install OpenVPN by default silently (this works) and accept the certificate installation silently to do this now i have used and tested the code below via cmd: Code: certutil -addstore "TrustedPublisher" Tools\Silent\OpenVPN\OpenVPN.cer This works flawlessly and installs the certificate so no user interaction is required however, when ran after a setup via SetupComplete.cmd it does not work and you are prompted with the certificate installation box which needs to be accepted. Please can somebody explain why it doesn't work under this circumstance when it works correctly under Windows via cmd ? Please can somebody explain or show me how to bypass this and make it work? This is not the first time that i have encountered issues when running commands via SetupComplete.cmd i have managed to find ways around them previously but not for this. Maby @BAU or @abbodi1406 could help i know your guys scripting skills are unmatched!
Maybe -enterprise help? Code: certutil -enterprise -addstore TrustedPublisher Tools\Silent\OpenVPN\OpenVPN.cer
setupcomplete is run before any user is logged on, as system. You are not supposed to mess with CAs at machine level - when you run certutil as a logged on user certain stuff is inferred for you automatically. I think you have to add the certificate to the Trusted Root Certification as well to prevent prompts. And speaking of prompts - of course you did not deem it relevant, so we have to waste time testing or use our imagination to suspect it's about the certificate not being trusted as root. Anyway, if that's the case, an extra command should fix it: Code: certutil -addstore -f -v root Tools\Silent\OpenVPN\OpenVPN.cer certutil -addstore -f -v TrustedPublisher Tools\Silent\OpenVPN\OpenVPN.cer Not sure you need the enterprise stuff, but just in case: Code: certutil -addstore -enterprise -f -v root Tools\Silent\OpenVPN\OpenVPN.cer certutil -addstore -enterprise -f -v TrustedPublisher Tools\Silent\OpenVPN\OpenVPN.cer
@BAU @abbodi1406 Wanted to let you guys know i tested this. I was going to go in order of posts but the first one above worked perfectly! So i didnt get round to testing the other theories. Thank you both so much for your help!