7

If I'm logged in as a normal user, how can I download/enroll user's certificates for another user (on the same machine)? This can be done using runas command but can't figure out exactly.

Lee_Dailey
  • 713
Stackbe
  • 111
  • 1
  • 1
  • 6

2 Answers2

4

In addition, I found the following option which can be done by normal users too.

  1. In the PowerShell, use the following commands to run another user's PowerShell

    runas /user:<domain>\<username> powershell

    (this will prompt for the user's password)

  2. On the user's PowerShell type certmgr and enrol the certificates for the user.

Stackbe
  • 111
  • 1
  • 1
  • 6
3

You can do the following:

You can Check if it works by cd-ing and gci-ing around in the Cert: PSProvider after you imported the certs, they should be listed there. here's an example:

[localhost]: PS C:\Users\adminsystem\Documents> cd Cert:
[localhost]: PS Cert:\> cd CurrentUser
[localhost]: PS Cert:\CurrentUser> cd My
[localhost]: PS Cert:\CurrentUser\My> gci

PSParentPath: Microsoft.PowerShell.Security\Certificate::CurrentUser\My


Thumbprint                                Subject




F0BD97B4EC6CD8B71C35631738259CF9F2E54381  CN=Adobe Content Certificate 10-5, OU=Cloud Technology, O=Adobe Systems, L=San Jose, S=California, C=US
D1DF7F06B769BCCB3F4479041EC1F06E9CD3CB1A  CN=Adobe Intermediate CA 10-3, OU=Cloud Technology, O=Adobe Systems, L=San Jose, S=California, C=US

or, instead of entering a PSSession (even though I feel this is very comfortable for this task), you can do it directly with Invoke-Command (from an elevated PowerShell)

Invoke-Command -ComputerName localhost { Import-Certificate ... } -Credential (Get-Credential)

The third way - and the only way that works as a normal user is to simply start a new PowerShell as another user

start powershell -credential (Get-Credential)

and then do the cert import there.

SimonS
  • 9,869