I recently came across a problem generating self-signed certificates in an automated fashion. Anytime I run makecert.exe I get a pop-up window for a password for the certificate. However, these certificates will never be distributed, so I don't need a password or anything.
How can I get makecert.exe to work without requiring a GUI?
If it helps, my command line takes this kind of form:
makecert.exe mycert.cer -r -n "CN=random-hex-number" -$ individual
-sv private.pkv -pe -cy end
I didn't solve the root problem, but found a way to work around it. It only prompts for a password when you don't provide a private key. By generating a private key beforehand and passing it as the PVK, it won't prompt for a password now.
Put the certificate and the private keys in a folder.
then use the pvk2pfx tool to combine them into one file.
Then when your ready to install use
#pushd "%~dp0"
#start "" /b (command) "%~dp0"
The pushd keeps it the files directory, and start "" /b runs the program without bring up the interface.
Related
I am having a hard time understanding the process of signing / certifying Outlook plugin.
The problem is that plugin works but I can't install it on all machines. On some it can be installed and on some not (it gives security alert about manifest not signed/certified). I have gone through docs but I can't say its clear for me.
What is the easiest way to fix that problem? Could someone explain it in a few, plain english, words?
First you want to create a non-expiring certificate for Visual Studio projects
Type Developer Command in the Start Menu search and right click and select Run as administrator
Paste the following commands in the command prompt for MakeCert and pvk2pfx
MakeCert /n "CN=Your New Cert" /r /h 0 /eku "1.3.6.1.5.5.7.3.3,1.3.6.1.4.1.311.10.3.13" /e "01/01/2100" /sv MyNewCert.pvk MyNewCert.cer
pvk2pfx -pvk MyNewCert.pvk -spc MyNewCert.cer -pfx MyNewCert.pfx
Note:
The date format is the US standard MM/DD/YYYY
The -f parameter can be used at the end of the pvk2pfx line for overwriting an existing file
You'll get prompted to create a password (this is optional)
After the password prompt, you'll need to run the second command line by just pressing the Enter key.
Now you can select the same certificate for multiple Visual Studio projects
In the Visual Studio project properties, select Signing* click on Select from File….
Navigate to the same path from the command prompt and select the certificate file (*.pfx)
In the cmd prompt, is there a command I can run to display the password of the currently logged in user?
My usage scenario is this. I have an arbitrary bat script that runs 3 programs sequentially:
REM do some work
foo.exe
REM do some more work
Half way through foo.exe, it prompts for the current user's password before continuing. This defeats the purpose of scripting, which is automation because after kicking off the script, I must check back half way to enter the password.
Solution 1:
Hard code the password into script and pipe it.
REM do some work
echo hard.coded.password | foo.exe
REM do some more work
This approach has 2 problems right away:
Putting pwd in a bat file is insecure.
Others can't run the script because each has a different pwd.
So ideally, I'd like to do:
REM do some work
command-that-prints-current-user-pwd-to-output | foo.exe
REM do some more work
This way, password is not hard coded in the script, therefore making it more safe and shareable.
Thanks
No you can't. Only the user knows the password. Windows doesn't.
Passwords are one way hashed and the hash is stored not the password. Being one way it can't be reversed. When you enter a password it is hashed and the hashes compared.
I'm trying to create a script to copy a secure exe file to the C directory from a flash drive that is assigned the drive letter D. Then to run the exe, delete the exe, then shut down the PC. I have technicians who need to do this in order to make a biometric reader function properly. They keep screwing up the process and I would like to automate the process to save me a headache. The file is secure and cannot be leaked to our customers due to licensing. I already tried a batch script, but the exe doesn't seem to launch correctly.
Here's what I had:
COPY "D:\Biometric\software.exe" "C:\software.exe"
Pause
pushd C:\
Start "C:\software.exe"
Pause
pushd C:\
erase "software.exe" /F /Q
Pause
c:\windows\system32\shutdown -s -f -t 00
I've never tried VBScript, and I figured maybe that might get me the results I need, any help would be appreciated.
Start considers the first set of quotes it finds to be the window's title, so what you have in your code essentially says "set the window's title to 'C:\software.exe' and then execute the start command on nothing."
Insert an extra set of quotes to make the start command work.
start "" "C:\software.exe"
I have created a batch file (say test.bat). In test.bat I called the tool certmgr.exe to delete the certificate from the certificate store. But when multiple certificate in store with same name, then certmgr.exe, asking the option like which certificate want to delete.
But I want to if the certmgr.exe find the same name certificate in store, then delete all the certificate, no need to ask to user for confirmation. Any idea?
Thanks,
I see that you already resolved this issue by using certutil.exe, but another solution using certmgr.exe could be achieved by piping 1 to the certmgr command (so it always delete the first certificate with the specified name) and then looping on that command until no other certificates exist with that name.
So something like:
while(certificateExistsWithName(certName)) //this is pseudocode that would need to be implemented
echo 1 | certmgr.exe /del /n "certName" /s myStore... etc
We have an older app from 2006 we'd like to uninstall at the command line using group policy, but I can't get a silent uninstall to work.
This works. Of course I need to click Next to uninstall:
"C:\App\Setup.exe" /uninst
But this does not. I see an hourglass for a couple seconds but the app is not uninstalled.
"C:\App\Setup.exe" /uninst /s
I also unsuccessfully tried some VBScripts. They find the app listed but the uninstall fails. I'm not too familiar with how this process is supposed to work.
You need to create first an ISS response file to silently remove your application,
Create response file :
C:\App\Setup.exe /r /f1c:\app\uninstall1.iss
you will be asked to uninstall, .... and perhaps reply the others windows.
Then your application would be uninstalled and you get a new response file c:\app\uninstall1.iss
Next, if you want to remove silently this application on another computer :
launch : C:\App\Setup.exe" /s /f1c:\app\uninstall1.iss
For more information see:
http://www.itninja.com/blog/view/installshield-setup-silent-installation-switches
Best Regards,
Stéphane
Try this, with the original setup.exe version that was used to install
"C:\App\Setup.exe" /x /s /v/qn
I've been struggling with the silent uninstaller for a while, and finally came to a solution that works for me in most cases, both for InstallShield v6 and v7.
1. First (as it was mentioned above), you have to generate an InstallShield Response file (e.g. uninstall.iss). In order to do that you have to launch your setup.exe with parameters:
> setup.exe -x -r -f1"C:\Your\Installer\Location\uninstall.iss"
This will go through the normal uninstall wizard and generate a Response file for you: uninstall.iss
2. Then, before trying your silent uninstaller, I guess, you should re-install the software.
3. And finally, run your silent uninstaller playing back the recently generated Response file:
> setup.exe -x -s -l0x9 -ARP -f1"C:\Your\Installer\Location\uninstall.iss"
That's it.
Now, a few important notes:
Note 1: I'm working with a 3-rd party installation package that I didn't build myself.
Note 2: I use dashes (-) instead of slashes (/) to define parameters. For some reason it doesn't work with slashes for me. Weird but true.
Note 3: The -ARP and -l switches are required for some installation packages to manage the software removal from the Add/Remove Programs list and to preset the default input language accordingly.
Successful silent uninstallation is all about the correct parameters!
So keep exploring, the correct parameters vary depending on a specific package and installer version.
I hope my input was helpful.
Try
Format: Setup.exe M{Your Product GUID} /s /f1[Full path]\*.iss for creating the ISS file for uninstallation.
From Stephanie's sample, I think it's missing the GUID.
There's a good link at the developer's site # Creating the Response File.
Try it out n tell us,
Tommy Kwee
I struggled with this for a long time so posting it here in case anybody else stumbles upon it.
If you happen to have an installer which uses the legacy Package-For-The-Web format then you need to use the parameter -a to pass additional parameters to the extracted setup file.
Record (un)installation files (click through the installer manually):
.\DWG2PDF2019.exe -a /r /f1"c:\app\dwg2019_install.iss"
.\DWG2PDF2019.exe -a /r /f1"c:\app\dwg2019_uninstall.iss"
Silently (un)install:
.\DWG2PDF2019.exe -s -a /s /f1"c:\app\dwg2019_install.iss"
.\DWG2PDF2019.exe -s -a /s /f1"c:\app\dwg2019_uninstall.iss"
Source: https://help.hcltechsw.com/caa/3.0/topics/appacc_silent_install_t.html
There's another way to uninstall an app by searching for it in the Registry, and using the UninstallString (this sample code uses powershell on windows 10):
# Get all installed apps from Registry
$Apps = #()
$Apps += Get-ItemProperty "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*" # 32 Bit
$Apps += Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*" # 64 Bit
# Uninstall My App
$my_app = $Apps | Where-Object{$_.DisplayName -eq "The Name Of My App"}
$uninstall_string = " /C " + $my_app.UninstallString+' /S'
Start-Process -FilePath "cmd.exe" -ArgumentList $uninstall_string -Wait
if you don't know the exact full display name of your app, you can print the "Apps" array to a file, and search there:
$Apps | Out-File C:\filename.txt
I was working on a silent uninstall of an InstallShield installer and was running into similar issues. What was posted here did not work or help. After lots and lots of trial and error I did find that for some reason when I used the -uninst option for both the creating the response file and running the silent uninstall I had success. In case anyone runs into a similiar issue and stumbles upon this thread I wanted to share. I am not sure why but adding -uninst did change the contents of the response file.
In my example creating response file: "C:\Program Files (x86)\InstallShield Installation Information\{0D20ACF2-CEE1-4523-BFCF-389BC4CC81FB}\setup.exe" -runfromtemp -l0x0409 -removeonly -uninst -r -f1"c:\uninstall.iss"
Then I could finally get the silent uninstall to function as expected: "C:\Program Files (x86)\InstallShield Installation Information\{0D20ACF2-CEE1-4523-BFCF-389BC4CC81FB}\setup.exe" -runfromtemp -l0x0409 -removeonly -uninst -s -f1"c:\uninstall.iss"