Deploy root/trusted publisher certificate file to Windows machines

Solution 1:

As you have that many machines it seems reasonable to assume you're using an AD domain, in which case you can push the certs out using Group Policy Objects. There are numerous articles describing the steps, such as this one from Technet.

Solution 2:

Following clues from this prior question, "import certificate using command line in Win XP Home", and a fair bit of playing around, now have this consistently deploying across OSes.

Have extracted the following files from the 32-bit Win Server 2003 SP2 Admin Pack (KB340178) and saved together with the certificate in a folder on the packages source in SCCM:

certadm.dll
certcli.dll
certreq.exe
certutil.exe
cert.cer

Now ditching the batch file and creating two separate programs in SCCM with the following two command lines (both chained together into the one advert), it all seems to be working as an automated rollout across the OSes.

certutil.exe -addstore TrustedPublisher cert.cer

certutil.exe -addstore root cert.cer
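
A variant of the two `-addstore` steps above that checks the file's thumbprint before trusting it machine-wide and skips stores that already hold it; this is an added example, not part of either answer. It assumes PowerShell 2.0 or later is present on the target and that it runs elevated; `$ExpectedThumbprint` is a placeholder to be replaced with the value obtained out of band from the certificate's owner.

```powershell
# Added example (not from the original answers): pin the thumbprint of cert.cer
# before adding it to the machine Root and TrustedPublisher stores.
param(
    [string]$CertPath = ".\cert.cer",
    # Placeholder: SHA-1 thumbprint confirmed out of band with the certificate owner.
    [string]$ExpectedThumbprint = "<EXPECTED-THUMBPRINT-PLACEHOLDER>"
)

$ErrorActionPreference = "Stop"

function Normalize-Thumbprint([string]$Value) {
    # Drop spaces, colons and invisible characters copied from the certificate dialog.
    return ($Value -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
}

$fullPath = (Resolve-Path $CertPath).Path
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $fullPath

$expected = Normalize-Thumbprint $ExpectedThumbprint
if ($expected.Length -ne 40) {
    throw "ExpectedThumbprint is not a 40-hex-digit SHA-1 thumbprint."
}
if ($cert.Thumbprint -ne $expected) {
    throw "Thumbprint mismatch for $fullPath (got $($cert.Thumbprint)). Refusing to install."
}

$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
}

$location = [System.Security.Cryptography.X509Certificates.StoreLocation]::LocalMachine
$byThumb  = [System.Security.Cryptography.X509Certificates.X509FindType]::FindByThumbprint

# Same two stores as the certutil commands: root and TrustedPublisher.
foreach ($name in "Root", "TrustedPublisher") {
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList $name, $location
    $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
    try {
        $found = $store.Certificates.Find($byThumb, $cert.Thumbprint, $false)
        if ($found.Count -gt 0) {
            Write-Output "$name store: already present, nothing to do"
        } else {
            $store.Add($cert)
            Write-Output "$name store: added $($cert.Subject)"
        }
    } finally {
        $store.Close()
    }
}
```

Any thrown error makes the script exit non-zero, so an SCCM program running it reports the machine as failed instead of silently trusting an unexpected file.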