Applescript: How to run a script once upon logon for multiple users

I'm deploying a NetRestore image to about 150 Macs which will be using Active Directory and I've designed a custom default user for each new user. However, our system requires a specialized certificate that has to be installed on the local login.keychain for each user otherwise network connectivity is impacted.


I've tried to use the security command through Terminal to install the certificate, but no matter what combination of commands, I cannot seem to get that to work properly even with an already-created user. While it will often say it's installed, the cert will not actually show up in the login keychain in Keychain Access. And the network connectivity is still impacted.


So instead, I created a brief AppleScript that just gives the user brief instructions to click "Add" on the prompt for which Keychain to add the cert and then "Always Trust" for the "This cert is not verified" prompt. Then it launches Keychain Access. Originally, I was going to have it actually click the buttons for the user, but I realized trying to get the whole Accessibility apps and assistive devices to work on every new user would be a nightmare.


I created the script on another 10.9 Mac using Automator to make it an actual application. I've used the instructions in OS X: Using AppleScript with Accessibility and Security features in Mavericks to sign it and I'm using root to move it from its network location into the Applications folder. I've adjusted the permissions to allow all Admin users to r/w (along with everyone else). To the root user, it shows as a usable application, but every other user on the Mac sees it as damaged/incomplete.


What I want to do is add it to the default Login Items, so I can run the final AppleScript command to simply remove the login items listing. That way I don't need to worry about it running again, but it's still available for the next user to sign onto the deployed Mac.


I know it's a little convoluted, but this is the final piece to the NetRestore deployment I've been working on for months. Any suggestions on how to make this work (or even a completely different solution) would be greatly appreciated.


Here was the original shell script in case you're curious.


#!/bin/bash

## Prompt for current user admin for use in Certificate Install
while :; do # Loop until valid input is entered or Cancel is pressed.
    localpass=$(osascript -e 'Tell application "System Events" to display dialog "Enter your password for Lync Setup:" default answer "" with hidden answer' -e 'text returned of result' 2>/dev/null)
    if (( $? )); then exit 1; fi  # Abort, if user pressed Cancel.
    localpass=$(echo -n "$localpass" | sed 's/^ *//' | sed 's/ *$//')  # Trim leading and trailing whitespace.
    if [[ -z "$localpass" ]]; then
        # The user left the password field blank.
        osascript -e 'Tell application "System Events" to display alert "You must enter the local user password; please try again." as warning' >/dev/null
        # Continue loop to prompt again.
    else
        # Valid input: exit loop and continue.
        break
    fi
done

echo $localpass | sudo security import /'StartupFiles'/bn-virtual.crt ~/Library/Keychain/login.keychain

osascript -e 'tell Application "System Events" to delete every login item whose name is "LyncCert"'


And this is the AppleScript itself. (I used the \ to make it easier to read. The first line is actually one complete command)


display dialog "Click OK to start installing Mac Network Certificate." & return & return & \
"In the following prompts, click the 'Add' then 'Always Trust'." & return & return & \
"After you have clicked 'Always Trust', quit Keychain Access." default button 1 with title \
"Mac Network Certificate Install"

activate application "Keychain Access"
tell application "Finder" to open POSIX file "/StartupFiles/bn-virtualcar.crt"

tell application "System Events" to delete login item "Lync-AppleScript"


Thank you for your help!

OS X Mavericks (10.9.4), 10.9, 10.8, 10.7, AppleScript, ARD

Posted on Sep 3, 2014 1:09 PM
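An added example, not part of the original post: one way to do the per-user install described above without prompting for a password or using sudo, by running as the logging-in user and leaving a marker so later logins do nothing. The marker path, the `SECURITY` override, the `install` argument and the choice of `trustRoot` are assumptions; the certificate path is the one from the post.

```shell
#!/bin/bash
# Added example, not the poster's script. Run it as the logging-in user
# (login item or per-user LaunchAgent) with the argument "install".
CERT="${CERT:-/StartupFiles/bn-virtual.crt}"                  # path from the post
KEYCHAIN="${KEYCHAIN:-$HOME/Library/Keychains/login.keychain}"
# Hypothetical per-user marker that makes later logins a no-op.
MARKER="${MARKER:-$HOME/Library/Application Support/NetworkCert/installed}"
SECURITY="${SECURITY:-/usr/bin/security}"                     # overridable for testing

current_uid() { id -u; }

# Returns 0 = installed now or earlier, 2 = running as root, 3 = certificate
# file missing or unsafe, 4 = trust step failed, 5 = verification failed.
install_cert_once() {
    [ -e "$MARKER" ] && return 0
    # The target is the user's own keychain, so sudo is neither needed nor wanted.
    if [ "$(current_uid)" -eq 0 ]; then
        echo "refusing to run as root" >&2
        return 2
    fi
    # This file becomes a trust anchor for every new user: refuse a copy that
    # is missing or that group/other accounts could overwrite.
    if [ ! -r "$CERT" ] || [ -n "$(find "$CERT" \( -perm -020 -o -perm -002 \))" ]; then
        echo "certificate missing or writable by non-owners: $CERT" >&2
        return 3
    fi
    # Add the certificate to the login keychain and trust it for this user only
    # (no -d). trustRoot assumes a self-signed root; use trustAsRoot otherwise.
    "$SECURITY" add-trusted-cert -r trustRoot -k "$KEYCHAIN" "$CERT" || return 4
    # Check the outcome rather than relying on the command's success message.
    "$SECURITY" verify-cert -c "$CERT" >/dev/null || return 5
    mkdir -p "$(dirname "$MARKER")" && : > "$MARKER"
}

if [ "${1:-}" = "install" ]; then
    install_cert_once
    exit $?
fi
```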
