See if cert is local machine or current user?

There seems to be two cert managers. One for Current User at certmgr.msc and another for Local Machine at certlm.msc. From this site here: https://docs.microsoft.com/en-us/win...ificate-stores it says that Local Machine cert entries are also listed in Current User.

What I want to know is, is there a way to tell if a certificate listed in certmgr.msc is Local Machine or Current User? Because deleting a certificate from certmgr.msc would also delete it from Local Machine if it exists as a Local Machine entry. This is especially a problem when you may have duplicate certificates or different Local Machine/Current User certificate entries.

There doesn't seem to be a way within certmgr or certlm to check if a certificate is local to Current User or not. This is a problem when you import a certificate to both Local Machine and Current User, as it shows up only once in certlm.msc but twice in certmgr.msc with no difference between the two. You would not know which one to delete if you wanted to remove Current User's version only.

Edit: Seems theres a few roundabout ways...
Method 1: Check the store locations here https://docs.microsoft.com/en-us/win...tore-locations and see if you can find stores via their thumbprint...
Method 2: in cmd type certutil (-user) -(view)store <name of store> as suggested here: Windows certificate stores | Blog. This is ok for seeing if there are specific certs in one store...

Not sure why it has to be so roundabout... if anyone else knows of another method please do tell

Hi,

Open the Run Dialog.

Type mmc press enter.

Click File, Add/Remove Snap-ins.

On the left pane select Certificates, Click Add>,

In next dialog select "My user account" or "Computer Account"

Click Next / Finish.

You can add both if you want, by repeating these steps.

For quick access: Save as "My Cert Console.msc" in your docs.