How can I start certmgr.msc for computer account?

Question

I can start individual Management Console snap-ins by starting them directly without going through starting mmc.exe and selecting the snap-ins I want.

However, for certmgr.msc selecting in MMC gives me the option to load certmgr for the computer account, which is usually what I need. How can I load certmgr for the computer account from the command line?

score 150 · Answer 1 · edited Jun 13 '16 at 08:57

150

If you have 2012R1/Win8 or later: You can use certlm.msc (Certificates Local Machine) instead of certmgr.msc. That will open the computer certificate store.

edited Jun 13 '16 at 08:57

StackzOfZtuff

1,630

answered Mar 01 '13 at 09:37

fgc

1,509
1
9
2

score 67 · Answer 2 · edited Jun 28 '15 at 11:49

The previous answer confused me until I found that a couple of steps were not explicitly stated. Whenever I opened certmgr.msc it only showed me the Current User certs, rather than the ones for the Local Computer store. I found more details in this blog entry.

In case that link dissolves, you need to do these steps to access the different stores:

Start → Run: mmc.exe
Menu: File → Add/Remove Snap-in…
Under Available snap-ins, select Certificates and press Add.
Select Computer Account for the certificates to manage. Press Next.
Select Local Computer and press Finish.
Press OK to return to the management console.

Once you have the MMC set up, then you can save the msc with a new name per the above answer.

score 7 · Accepted Answer · edited Jun 13 '16 at 10:13

Save the .msc file to a file share and just call the UNC.

What I did was create the .msc file (as answered above) but I saved it to a network resource. When I go to the next server, I can call the UNC via the RUN and done the local computer's certificate manager opens up as the Computer Account too. I tested it across a couple different IIS boxes and found it was indeed unique and the computer's account.

\\fileserver\share\certmgr_computeraccount.msc

score 2 · Answer 4 · answered Feb 23 '11 at 20:23

2

Run mmc, select the snap-in, and save (File → Save) the console to your preferred location. Call it something like syscertmgr.msc. Run the saved console whenever you want the computer account's certificates.

answered Feb 23 '11 at 20:23

grawity

501,077

score 0 · Answer 5 · answered Dec 10 '15 at 09:54

If you follow the instructions in @WiringHarness answer. On the 'Select Computer' screen, make sure you tick "Allow the selected computer to be changed when launching from the command line. This only applies if you save the console."

Let's imagine you save the console in your Windows user home directory with file name certs.msc.

The following batch script will allow you open the Certificates console on a remote machine as another user...

@echo off
set /p hostname="Enter host name: "
set /p username="Enter domain\username: "
runas /user:%username% "mmc %homepath%\certs.msc \"/computer:%hostname%\""

score 0 · Answer 6 · answered Jul 11 '17 at 14:11

Since .msc files are for the most part XML, you can create your own certlm.msc

Step 1) Make a copy of Certmgr.msc (copy certmgr.msc certlm.msc) Step 2) open certlm.msc in the text editor of your choice (notepad certlm.msc) Step 3) Change Line 88 in the file from: -"Certificates - Current User" -to: -"Certificates - Local Computer" Step 4) Save the file

How can I start certmgr.msc for computer account?

6 Answers6

Linked