Hi,I'm just trying to automate checking for and the request of the computer certificate(with the Client Authentication purpose), I'm currently provisioning the certificate forautoenrollment through domain policybut in this case I'm also scripting the install of the SCCM Client and I want to be able to check the client has the cert before I attempt an install,or in the case it doesn't I want to request it before I run the install..From the UII can check the certificate exists in the Certificates MMC local storeor I can request a new one (right-click > All tasks > requestnewcertificate ...)I'd prefer to be able to use objects available to vbscript to do this but I don't mind shelling out to an exe if that's required also.. unfortunately I'm not able to be rely on powershell etc being there...any pointers would be very helpful!thanks

You can use "certutil -user -store My" to enumerate certs in the user store. certutil is available on Vista+ machines. You can copy it from a win2k3 machine to an xp machine.You can also use capicom on platforms that support it to enumerate certs as well; I think.You can also write a small client component [C#, C++] to determine if a cert is installed on the client.To "autoenroll" you can use the command "certutil -user -pulse" to force the autoenrollment client to run for the user side.Andrew

Hi, Please understand this forum is for general PKI system administrating and implementing, I suggest that you initial a new post in The Official Scripting Guys Forum! to get further support there. They are the best resource for scripting related problems. For your convenience, I have list the link as followed. The Official Scripting Guys Forum! http://social.microsoft.com/Forums/en-US/ITCG/thread/34ed6cba-7698-4aa8-b13c-8693081296ef The following information is for your reference: How to remove a trusted Certificate Authority from computers in the domain http://support.microsoft.com/kb/555894 Thanks. This posting is provided "AS IS" with no warranties, and confers no rights.