Windows – Enroll user’s certificates for another user on the same machine

client-certificate, cmd.exe, powershell, runas, windows

If I'm logged in as a normal user, how can I download/enroll user's certificates for another user (on the same machine)? This can be done using the runas command, but I can't figure out exactly how.

Best Answer

  • You can do the following:

    You can check whether it works by cd-ing and gci-ing around in the Cert: PSProvider after you have imported the certs; they should be listed there. Here's an example:

    [localhost]: PS C:\Users\adminsystem\Documents> cd Cert:
    [localhost]: PS Cert:\> cd CurrentUser
    [localhost]: PS Cert:\CurrentUser> cd My
    [localhost]: PS Cert:\CurrentUser\My> gci
    
    
       PSParentPath: Microsoft.PowerShell.Security\Certificate::CurrentUser\My
    
    Thumbprint                                Subject
    ----------                                -------
    F0BD97B4EC6CD8B71C35631738259CF9F2E54381  CN=Adobe Content Certificate 10-5, OU=Cloud Technology, O=Adobe Systems, L=San Jose, S=California, C=US
    D1DF7F06B769BCCB3F4479041EC1F06E9CD3CB1A  CN=Adobe Intermediate CA 10-3, OU=Cloud Technology, O=Adobe Systems, L=San Jose, S=California, C=US
    

    Or, instead of entering a PSSession (even though I feel this is very comfortable for this task), you can do it directly with Invoke-Command (from an elevated PowerShell):

    Invoke-Command -ComputerName localhost { Import-Certificate ... } -Credential (Get-Credential)
    

    The third way - and the only way that works as a normal user - is to simply start a new PowerShell as another user:

    start powershell -credential (Get-Credential)
    

    and then do the cert import there.
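
The third approach above, written out as an added example (not part of the original answer): it starts PowerShell as the other user with that user's profile loaded, imports a certificate into their `CurrentUser\My` store, and checks the result by thumbprint. The file path and the `__PATH__`/`__THUMB__` placeholders are assumptions made for illustration.

```powershell
# Added example. Assumption: $cerPath is a hypothetical path to a public
# certificate (.cer) that the target user is able to read.
$cerPath = 'C:\Temp\example-user.cer'
$cred    = Get-Credential -Message 'Account that should receive the certificate'

# Record the thumbprint first so the import can be verified afterwards.
$expected = (New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cerPath).Thumbprint

# Script that runs in the other user's session. A single-quoted here-string
# keeps the $ signs literal; the two placeholders are filled in below.
# For a .pfx with a private key, Import-PfxCertificate would be used instead.
$inner = @'
$ErrorActionPreference = 'Stop'
Import-Certificate -FilePath '__PATH__' -CertStoreLocation Cert:\CurrentUser\My | Out-Null
$hit = Get-ChildItem Cert:\CurrentUser\My | Where-Object Thumbprint -eq '__THUMB__'
if ($hit) {
    'Imported for ' + $env:USERNAME + ': ' + $hit.Subject
} else {
    Write-Warning 'Certificate not found in CurrentUser\My after import'
}
'@
$inner = $inner.Replace('__PATH__', $cerPath).Replace('__THUMB__', $expected)

# -EncodedCommand expects Base64 of the UTF-16LE script text; this avoids
# quoting problems when the script is passed on the command line.
$encoded = [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($inner))

# -LoadUserProfile loads the other user's registry hive, which is where the
# per-user certificate store lives. -WorkingDirectory points at a folder the
# other user can access, since the caller's current directory may not be.
Start-Process powershell.exe -Credential $cred -LoadUserProfile `
    -WorkingDirectory $env:SystemRoot `
    -ArgumentList '-NoProfile', '-NoExit', '-EncodedCommand', $encoded
```

The new window stays open because of `-NoExit`, so the store can also be inspected by hand with `gci Cert:\CurrentUser\My` as shown earlier in the answer.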