Problem solve Get help with specific problems with your technologies, process and projects.

Exploring the Windows Server 2003 Resource Kit: Cmdhere.inf and CMGetCer.inf

As we continue our series on the Windows Server 2003 Resource Kit, Windows expert Tim Fenner breaks down two important tools -- Cmdhere.inf and CMGetCer.inf.

This segment of our in-depth look at Microsoft's Windows Server 2003 Resource Kit will be focused on two tools: the Cmdhere.inf and the Connection Manager Certificate Deployment tool.


This INF file is used to extend the right-click menu in the Windows Explorer shell. With this extension, you can right click on any file or folder, choose the "CMD Prompt Here" option and a new command window (DOS prompt) will open with the command prompt's starting path pointing to the object you had focused on.

Same as the other Windows Server 2003 Resource Kit tools


  1. Locate the Cmdhere.inf file in the Resource Kit folder (C:\Program Files\Windows Resource Kits)
  2. Right click on the Cmdhere.inf file and choose Install
    Run the following command (either manually or from a batch file): regsrv32 cmdhere.inf

General use:
This tool is pretty simple to use. By opening a command-line session through the CMD Prompt Here option, you save yourself from having to open the session manually (start run: cmd) and typing out the full path to the desired object folder. And you don't have to open a command-line session by manually typing cd {space} and then dragging the folder object into the CMD window.

Not all folders work with this command.


Basic info:
If you are in the business of deploying Remote Access Connections to clients using Connection Manager, then the Connection Manager Certificate Deployment Tool (CMGetCer.inf) should be on your list of tools to use. This little DLL enables remote users who require a secure virtual private network (VPN) to automatically obtain a certificate for L2TP/IPsec connections. Normally, you have to jump through several hoops to get certificates installed on client computers, but CMGetCer allows the administrator to automate the process.

According to Microsoft, the Connection Manager component was designed to provide customized remote access to your network through a dial-up or a VPN connection. The company states that, "by deploying remote access clients with the Connection Manager family of programs, which includes the Connection Manager Administration Kit (CMAK), Connection Point Services (CPS) and the Connection Manager client, you can configure the remote access experience for your users."

The tool runs custom actions at various points when you are establishing a connection. Per Microsoft, the CMAK wizard can be used to include custom actions (batch files, executable files, DLLs) in your service profile to automatically start programs when users connect to your service. The programs used by these custom actions can distribute the programs with your service profile, or they can use programs that users have installed themselves.


  • Windows XP Professional or Windows Server 2003 family operating system
  • Connection Manager
  • Membership in the administrators domain local group

These are the system requirements for clients to run a profile containing CMGetCer: Windows Server 2003, Windows XP Professional, Windows XP Home Edition, Windows 2000, Windows Millennium Edition (ME) or Windows 98 operating system.

Copy the DLL to the system running Connection Manager

General use:
To use CMGetCer, you need a Connection Manager profile that calls CMGetCer.dll as a pre-tunnel or as a connect action. To create your Connection Manager profile, use the Connection Manager Administration Kit.

To create a CM profile by using CMAK:

  1. Run the CMAK Wizard.

  2. Select Create a custom action.

  3. Select Client Policy-checking Script as the custom action for the policy.

  4. Under Edit Custom Action, enter cmgetcer.dll in the Program to run box, set Action type to Pre-tunnel or to Connect, and then set Run this custom action for to All connections.

Tim Fenner (MCSE, MCSA: Messaging, Network+ and A+) is a senior systems administrator who oversees a Microsoft Windows, Exchange and Office environment. He is also an independent consultant who specializes in the design, implementation and management of Windows networks.

Dig Deeper on Windows Server troubleshooting

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.