When trying to install software via SCCM that requires device drivers to be installed, I ran into the problem that the installation would fail because the drivers’ publisher was not trusted and a message box was displayed.

To get my hands on the certificate, I installed the software manually and exported the certificate by running mmc.exe -> “Add/Remove Snap-In… -> Certificates -> Computer Account”, navigating to “Trusted Publishers”, right-clicking the certificate and choosing All Tasks -> Export. For this to work properly, the export should be a “Base-64 encoded X.509 (.CER)” file.

Installing the certificate from a cmd in SCCM is pretty straightforward and this command works both for Windows 7 and Windows 10:

CertUtil -AddStore "TrustedPublisher" "%~dp0mycertificate.cer"

After adding the certificate that way, the software installation completed successfully.

Some more personal reminders

  • Why not use CertMgr.exe?
    Because it was part of the Windows Server 2003 Resource Kit Tools and not part of the OS.
  • Why not use PowerShell?
    Because "Import-Certificate <mycertificate.cer> -CertStoreLocation Cert:\LocalMachine\TrustedPublisher" works like a charm on Windows 10 but it does not on Windows 7 as the PowerShell version on 7 is too old and does not contain that command.
  • Why not use GPO?
    As far as I could see, GPOs can be used to install certificates to certain stores but not the Trusted Publishers store. Second, the certificate is only needed on the machines that require the software so … keep it simple.
  • The software?
    That was VB-Audio VB-Cable, software that emulates a virtual audio cable. See https://www.vb-audio.com/Cable/index.htm for details. And if you stumbled across this page trying to install this software via SCCM: use the above guide to install the certificate and add "%~dp0VBCABLE_Setup_x64.exe -i -h". I found no official documentation on this but I guessed it’s “I-nstall” and “H-idden”.
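
Anything placed in Trusted Publishers is trusted silently for every driver and installer that publisher signs, so the deployment step can check that the .cer file is exactly the certificate that was exported and reviewed before adding it. The script below is an added example, not part of the original post: it uses only .NET classes, so it also runs on the PowerShell 2.0 that ships with Windows 7, where Import-Certificate is missing. The thumbprint value is a placeholder and the exit codes are this example's own convention.

```powershell
# Added example (not from the original post). Runs on PowerShell 2.0 and later.
# ASSUMPTION: placeholder below; replace it with the SHA-1 thumbprint of the
# certificate you exported and reviewed (40 hex characters).
$ExpectedThumbprint = '<SHA1-THUMBPRINT-OF-REVIEWED-CERTIFICATE>'

# $PSScriptRoot is missing in PowerShell 2.0, so derive the script folder
# (the equivalent of %~dp0 in the cmd version).
$scriptDir = Split-Path -Parent $MyInvocation.MyCommand.Path
$cerPath   = Join-Path $scriptDir 'mycertificate.cer'

# Strip spaces and invisible characters that come along when the thumbprint
# is copied out of the certificate dialog.
$expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($expected.Length -ne 40) {
    Write-Error 'ExpectedThumbprint is not a 40-character SHA-1 thumbprint.'
    exit 2
}

try {
    # Reads DER and Base-64 encoded .CER files alike.
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
        -ArgumentList $cerPath -ErrorAction Stop
} catch {
    Write-Error "Cannot read certificate '$cerPath': $_"
    exit 2
}

# Pin: trust only the exact certificate that was reviewed, not whatever
# file happens to sit next to the script.
if ($cert.Thumbprint -ne $expected) {
    Write-Error "Thumbprint mismatch: file has $($cert.Thumbprint). Nothing added."
    exit 3
}

$localMachine = [System.Security.Cryptography.X509Certificates.StoreLocation]::LocalMachine
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store `
    -ArgumentList 'TrustedPublisher', $localMachine
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
try {
    $found = $store.Certificates.Find(
        [System.Security.Cryptography.X509Certificates.X509FindType]::FindByThumbprint,
        $expected, $false)
    if ($found.Count -eq 0) { $store.Add($cert); $action = 'added' }
    else                    { $action = 'already present' }
} finally {
    $store.Close()
}
Write-Output "Certificate $expected $action in LocalMachine\TrustedPublisher."
exit 0
```

A non-zero exit code lets the SCCM step fail before the driver installer runs, instead of trusting a swapped or corrupted certificate file.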