1 of 1 people found this helpful
I figured it out.
On my PC which is domain joined, running mmc and adding the certificates snap in for the local computer I saw a WSUS Publishing Certificate in Trusted Root Certification Authorities and also Trusted Publishers. I exported these two and transferred them to the non-domain kiosks machines using Dameware MRC and imported the certificates. Now everything is installing great.
Also in the local policy of these kiosks I changed the BITS bandwidth to only use 100kb during business hours.
As a side note, there is a task in Patch Manager under Administration and Reporting (or on the right-click menu if you browse to and select a machine) called "Client Certificates Management". That task will attempt to read the cert from the WSUS server and then distribute it to the targeted machine(s) into the proper stores. That task can be scoped to multiple machines if desired.
The main 'gotcha' with it is that it will look into the Credential Ring to find the proper credential to use to initiate the task, so if your target is a standalone/workgroup machine, it may be the case that there is not a valid credential in the credential ring. But if there is, this way of getting the cert out might be easier than using DameWare to do it.