The D-Spot (The Deployment Spot)

1. Purpose:

Instead of using the ‘Devicepath’ method; with the Microsoft utility DPINST.EXE, it is possible to do a pre-installation of different device drivers; a major advantage is that de device can be attached later (even in a User context), without any intervention needed.
On installation with DPINST the drivers are installed in
C:\Windows\System32\DRVSTORE
Important: this method has nothing to do with the ‘Local Cache’.

2.     Prerequisites:
DPInst.exe
DPInst.xml

Is part of “Driver Installation Tools 2.01” downloaded from Microsoft

3.     Procedure:

 Download and/or extract the device drivers.

Normally the drivers are in the drivers folder of the extracted files, eventually under a sub-folder for the operating system (WinXP_32). 

A set of drivers should contain, one ore more:

*.cat files (Security Catalog)

*.inf files (Setup Information)

*.sys files (System File)

other files

 Add DPINST.exe and DPInst.xml in that folder.

The provided DPInst.xml file contains following parameters:

 <?xml version=”1.0″?>
<dpInst>
   <quietInstall/>
   <forceIfDriverIsNotBetter/>
   <suppressAddRemovePrograms/>
   <legacyMode/>  
</dpInst>

Manually Pre-Installation (stand-alone): 
Launch DPINST.EXE from the folder above created folder. Follow the instructions on screen.

Manually Pre-Installation (stand-alone with command-line switches on DPINST.exe):
Launch DPINST.EXE from the folder above created folder, with command-line switches: /lm /q /sw

IMPORTANT:

The command-switches are prior to the settings used in the DPInst.xml file.

 Command-switches explanation for above command-line:

/lm

The /lm command-line switch sets the legacyMode flag to ON, which configures DPInst to accept unsigned driver packages and driver packages that have missing files. For more information, see “Setting the legacyMode Flag” earlier in this paper.

/q or /s

The /q or /s command-line switch sets the quietInstall flag to ON, which suppresses the display of wizard pages, user dialog boxes, and other user messages that DPInst and Windows generate. The quietInstall flag works in combination with the presence of a EULA page and the suppressEulaPage flag, as described earlier in this paper in “Setting the quietInstall Flag” and “Setting the suppressEulaPage Flag”.

/sw

The /sw command-line switch sets the suppressWizard flag to ON, which suppresses the display of wizard pages and other user messages that DPInst generates. The suppressWizard flag works in combination with the presence of a EULA page and the suppressEulaPage flag, as described earlier in this paper in “Setting the suppressWizard Flag” and “Setting the suppressEulaPage Flag”.

I always struggle to import certificates. But with this commandline-tool (importpfx.exe) it is easy to install them.

———–

Go to http://home.fnal.gov/~jklemenc/dl/importpfx.zip and download importpfx.
Unzip it.
Usage: importpfx.exe -f -p -t USER|MACHINE -s [-r "Subject OU to remove" | -all]

This utility will import a PKCS12 certificate file (with a .p12 or .pfx extension) into the certificate store specified by the -s parameter.

The default behavior is to overwrite like certificates (if available). The -r “Subject OU” will remove all certificates matching the Subject CN
in from the CN in the PKCS12 file and the Subject OU set to the -r parameter.

PARAMETERS:
-f = PKCS12 filename
-p = Password to secure the private key with
-t = Store type (USER or MACHINE)
-s = The certificate store to import into (MY is a common param)

-r “Subject OU Text” = Delete all user certificates in which the Subject OU matches the -r “Subject OU Text” and the Subject CN matches the PKCS12 Subject CN
-r -all = Delete ALL user certificates in the

Import a PKCS12 file into the local machine Testing store and delete any stored certificates with a Subject containing OU=”Self-Signed CA”:
importpfx.exe -f x509.p12 -p “” -t MACHINE -s Testing -r “Self-Signed CA”

Delete ALL certificates in the USER MY store:
importpfx.exe -t USER -s MY -r -all

Examples:
Import a PKCS12 file into the MY store, overwriting if allowed:

importpfx.exe -f clientcert.p12 -p “testpwd” -t USER -s MY

Advantages : Silent install & You don’t have to know the username that is logged in.

source:http://www.symantec.com/connect/forums/install-p12-certificate-silently