I think I remember someone asking how to import PFX certificates into user profiles, whether they be mandatory, local or roaming. On a clean up of my utilities disk I found the following app from the old days that lets you automate the import of a certificate in the users private store. The app can be download at: http://home.fnal.gov/~jklemenc/importpfx.html It's call importpfx and it still works nicely for those scanarios if used in a logon script. IMPORTPFX v1.0 Joe Klemencic 2002 Usage: importpfx.exe -f <filename.p12> -p <export passwd> -t USER|MACHINE -s <certstore> [- r "Subject OU to remove" | -all] This utility will import a PKCS12 certificate file (with a .p12 or .pfx extension) into the certificate store specified by the -s parameter. The default behavior is to overwrite like certificates (if available). The -r "Subject OU" will remove all certificates matching the Subject CN in from the CN in the PKCS12 file and the Subject OU set to the -r parameter. PARAMETERS: -f = PKCS12 filename -p = Password to secure the private key with -t = Store type (USER or MACHINE) -s = The certificate store to import into (MY is a common param) -r "Subject OU Text" = Delete all user certificates in which the Subject OU matches the -r "Subject OU Text" and the Subject CN matches the PKCS12 Subject CN -r -all = Delete ALL user certificates in the <certstore> Examples: Import a PKCS12 file into the MY store, overwriting if allowed: importpfs.exe -f x509.p12 -p "password" -t USER -s MY Import a PKCS12 file into the local machine Testing store and delete any stored certificates with a Subject containing OU="Self-Signed CA": importpfx.exe -f x509.p12 -p "" -t MACHINE -s Testing -r "Self-Signed CA" Delete ALL certificates in the USER MY store: importpfx.exe -t USER -s MY -r -all -- Warren Simondson Ctrl-Alt-Del IT Consultancy Pty Ltd Website: http://www.ctrl-alt-del.com.au ************************************************ For Archives, RSS, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: //www.freelists.org/list/thin Follow ThinList on Twitter http://twitter.com/thinlist ************************************************