none
Import Certificate into Service Account's personal store

    Question

  • I have created a service account that is going to run a service that I've developed.  If I right-click on certmgr.msc and select "Run as different user", I can log on as the service account and auto-enroll for its certificate (I have a "service account certificate template").  This gets both the certificate and the private key imported into the service account's personal store.  Everything works great.

    The problem is that my current process requires me to manually log on and then manually import the cert for my service account.  Instead, what I'd like to do is programmatically import the service account's certificate, either through .NET or a batch script of some sort.  Even better would be if I could somehow configure "Credential Roaming" for service accounts.  As far as I can tell, though, "Credential Roaming" is a thing that happens when users log on to the machine.  A Windows Service starting up probably wouldn't trigger "Credential Roaming" for my service account, I'm thinking.

    What would you all advise?

    Wednesday, October 17, 2012 10:05 PM

All replies

  • Hi,

    Thanks for your post.

    Did you mean that you use mmc to manually import certificate to service account store? If not, please refer to the following steps describe at below article.

    Manage certificates for a service

    http://technet.microsoft.com/en-us/library/cc780545(v=ws.10).aspx

    Best Regards,

    Aiden

    TechNet Subscriber Support

    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.


    Aiden Cao

    TechNet Community Support

    • Marked as answer by Aiden_CaoModerator Tuesday, October 23, 2012 5:51 AM
    • Unmarked as answer by jar349 Tuesday, October 23, 2012 7:47 AM
    Friday, October 19, 2012 6:13 AM
    Moderator
  • Hi,

    How are things going? I just want to check if the information provided was helpful. If there is any update or concern, please feel free to let us know.

    Best Regards,
    Aiden

    TechNet Subscriber Support

    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.


    Aiden Cao

    TechNet Community Support

    Monday, October 22, 2012 5:30 AM
    Moderator
  • Aiden,

    Yes, I am using the mmc to manually import it.  But I don't want to continue doing it this way.

    "The problem is that my current process requires me to ... manually import the cert for my service account.  Instead, what I'd like to do is programmatically import the service account's certificate, either through .NET or a batch script of some sort."

    Tuesday, October 23, 2012 7:50 AM
  • Hi,

    Thanks for your update.

    Maybe, script/PowerShell can do this task. However, I am not a script expert. After some research, I cannot find one specific command-line or script which meet your request. So, I would recommend that you ask this question at scripting forum. There, you may get more effective suggestion by other experts who familiar with this topic. Your understanding is highly appreciated.

    Best Regards,
    Aiden

    TechNet Subscriber Support

    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.


    Aiden Cao

    TechNet Community Support

    Thursday, October 25, 2012 7:28 AM
    Moderator