Deploy certificate package through Windows Software Distribution Wizard

I created a .exe package (using WinRAR SFX) with a .bat file and certificate inside of it which will import the certificate into the Trusted Root Certs of the Windows computer in MMC automatically. This package works when run on a physical computer, however I was trying to push this out using the “Windows Software Distribution Wizard” in BigFix. I created a fixlet using this wizard and when run it would get hung up on “Pending Downloads.” I get the feeling that I am missing something simple such as just telling the downloaded package to run. The following is the fixlet contents:

prefetch ********** sha1:******** size:******* sha256:****
extract *********
wait __Download\certname.exe

What I was thinking is that I might just be missing a command such as “runhidden certname.exe”

Any help is appreciated!

I tried adding “runhidden certname.exe” but this didn’t change anything.

Did you check in the Console if the server was able to download the file?

Do you mean to check if the download was cached on the server for the task? If so, then yes, it completed.

If anyone knows of another way to use BigFix to deploy a Certificate to multiple end users (Windows PCs) that would be helpful too.

Was this the download you were talking about?

Yes, so it says the command was correct and the server has downloaded it correctly. So this is now an issue of the endpoint getting the download; somewhere this download is not making it to the endpoint successfully. I’d check the endpoint’s logs to find out what is going on.

We normally just include the cert in the task and then run
certutil -f -addstore root "YourCert.cer"

Yeah, that command is part of the .bat file that I have in the auto install package I made. I just wanted to be able to use the functionality of BigFix’s wizard. It seemed like a very capable and efficient way of getting this and other things pushed out since I create a lot of packages for the company I work for; I would love to just be able to push out my silent auto install packages through BigFix. I have already pushed the cert out using a normal BigFix action script and just pulled the cert from our website, however I would still like to get some clarification on how the Windows Software Distribution Wizard works and if it’s even functioning properly for future possible deployments I might need to send out. If anyone has used this wizard please let me know how your experience with it was and how you got it to work, thanks!
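
Added example, not from any poster in this thread: because the certutil command above makes the certificate trusted machine-wide, a wrapper like this one checks a pinned SHA-256 fingerprint before importing and confirms the store contents afterwards. The file name, the fingerprint placeholder and the exit codes are assumptions chosen for illustration.

```powershell
# Added example. Placeholder values below are assumptions, not from the thread.
param(
    [string]$CertPath       = '.\YourCert.cer',
    [string]$ExpectedSha256 = '<SHA256-FINGERPRINT-OF-YOUR-ROOT-CERT>'
)

# Parse the file as a certificate without touching any store yet.
try {
    $full = (Resolve-Path -LiteralPath $CertPath -ErrorAction Stop).Path
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $full
} catch {
    Write-Warning "Cannot load '$CertPath' as a certificate: $_"
    exit 2
}

# Fingerprint the DER bytes so the check does not depend on file encoding.
$sha = [System.Security.Cryptography.SHA256]::Create()
$actual = [System.BitConverter]::ToString($sha.ComputeHash($cert.RawData)) -replace '-', ''
$expected = ($ExpectedSha256 -replace '[\s:]', '').ToUpperInvariant()

if ($actual -ne $expected) {
    Write-Warning "Fingerprint mismatch (got $actual); not importing."
    exit 3
}
if ($cert.NotAfter -lt (Get-Date)) {
    Write-Warning "Certificate expired on $($cert.NotAfter); not importing."
    exit 4
}

# Skip the import if this exact certificate is already trusted.
$storePath = "Cert:\LocalMachine\Root\$($cert.Thumbprint)"
if (-not (Test-Path -LiteralPath $storePath)) {
    # Same command quoted in the thread; needs an elevated context.
    & certutil.exe -f -addstore root $full | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "certutil failed with exit code $LASTEXITCODE."
        exit 5
    }
}

# Confirm the store now holds the certificate before reporting success.
if (Test-Path -LiteralPath $storePath) { exit 0 } else { exit 6 }
```

The distinct exit codes let the deployment tool distinguish a bad or swapped file (2 to 4) from an import failure (5 or 6).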