Certificate management

Guest

I have a question regarding certificate management. Do you have to be a
local admin on a Windows XP box to import an external certificate? Also,
along those same lines is once it is imported do you have to be an admin to
export it to take with you to another machine?
 
Leander de Graaf

Ghealdan said:
I have a question regarding certificate management. Do you have to be a
local admin on a Windows XP box to import an external certificate? Also,
along those same lines is once it is imported do you have to be an admin to
export it to take with you to another machine?

Depends on the use of the certificate. If only a specific user needs to
use the certificate, you don't need admin rights to import/export the
certificate; computer certificates, however, always need to be imported
using a user account with administrative rights.
 
Guest

How do I tell the difference?

Leander de Graaf said:
Depends on the use of the certificate. If only a specific user needs to
use the certificate, you don't need admin rights to import/export the
certificate; computer certificates, however, always need to be imported
using a user account with administrative rights.
 
mikesmithlonergan

The usual way to distinguish between the two is to check the
certificate's Subject extension and verify to whom the certificate was
issued. If it names a computer account (often - but not always - with
a trailing "$" at the end of the hostname), then it's intended as a
machine certificate. If it names a user account, then it's intended
as a user cert.

The message that Leander wrote really meant to say "you do not need
Admin rights to import a certificate or PFX file into the user's
certificate store, but you'll need Admin rights to import a
certificate or PFX file into the machine's certificate store". Any
certificate *can* theoretically be used by either a user or computer
account - it all comes down to what certificate usage (e.g. "server
authentication", "S/MIME signature") is enabled in the certificate,
and what the applications that use the cert will do when they encounter
missing or unexpected fields.

In practice however, computer certificates usually can only be used by
the computer account because - at least for many Windows services -
the computer account to which the cert is associated in Active
Directory won't have the accesses needed by an end user. [Another
common limitation is that many - but not all - computer certificates
are enabled only for "server authentication", which is not a usage
that is ever needed/allowed/expected for user certificates.]

Hope this helps,
Mike
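The checks Mike describes (who the Subject names, which usages the certificate is enabled for, and which store the caller can actually write to) can be scripted. The following is an added example, not code from anyone in this thread; it assumes Windows PowerShell 5.1 or later with the Cert: drive, and the classification heuristics and the Get-CertificateRole / Test-IsElevated names are mine.

```powershell
# Added example: classify certificates in the user and machine stores as user- or
# machine-oriented, using the Subject name and Enhanced Key Usage heuristics from
# the thread, and check whether this session could import into LocalMachine at all.
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # id-kp-serverAuth
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'   # id-kp-clientAuth

function Get-CertificateRole {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert
    )
    # Common name the certificate was issued to (the Subject CN).
    $cn = $Cert.GetNameInfo('SimpleName', $false)

    # Collect EKU OIDs from the X509EnhancedKeyUsageExtension, if present.
    $ekus = @($Cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages | ForEach-Object { $_.Value } })

    $reasons = @()
    if ($cn -match '\$$')               { $reasons += 'Subject names a computer account ($ suffix)' }
    if ($ekus -contains $ServerAuthOid) { $reasons += 'enabled for Server Authentication' }
    if ($ekus -contains $ClientAuthOid) { $reasons += 'enabled for Client Authentication' }

    # Heuristic from the thread: a "$" subject, or server-auth without client-auth,
    # points at a machine certificate; no EKU at all leaves the use unrestricted.
    $role = if ($cn -match '\$$' -or
                ($ekus -contains $ServerAuthOid -and $ekus -notcontains $ClientAuthOid)) { 'machine' }
            elseif ($ekus.Count -eq 0) { 'either (no EKU restriction)' }
            else { 'user' }

    [pscustomobject]@{
        Subject    = $Cert.Subject
        Thumbprint = $Cert.Thumbprint
        Role       = $role
        Why        = ($reasons -join '; ')
    }
}

function Test-IsElevated {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal $identity
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

# The user's own store is readable and writable without elevation.
Get-ChildItem Cert:\CurrentUser\My | ForEach-Object { Get-CertificateRole $_ }

# The machine store can be listed by anyone, but imports into it need an elevated session.
Get-ChildItem Cert:\LocalMachine\My | ForEach-Object { Get-CertificateRole $_ }
if (-not (Test-IsElevated)) {
    Write-Warning 'Not elevated: imports into Cert:\LocalMachine will be denied.'
}
```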
 
