Re: How to CERT_SYSTEM_STORE_USERS?

From: David Cross [MS] (dcross_at_online.microsoft.com)
Date: 02/28/05


Date: Mon, 28 Feb 2005 05:29:44 -0800

Make sure you call LoadUserProfile() after impersonation.

-- 
David B. Cross [MS]
--
This posting is provided "AS IS" with no warranties, and confers no rights.
Top Whitepapers:
Auto-enrollment whitepaper: 
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/autoenro.mspx
Best Practices for implementing Windows Server 2003 PKI: 
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws3pkibp.mspx
Troubleshooting Certificate Status and Revocation whitepaper: 
http://www.microsoft.com/technet/security/topics/crypto/tshtcrl.mspx
Windows Server 2003 web enrollment and troubleshooting guide: 
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/webenroll.mspx
"ESOCIAL" <nospam@nospam.com> wrote in message 
news:111c9qigeqv5413@corp.supernews.com...
> I also observed that enumeration of the impersonated user certs fails if the
> user hasn't been logged at least once on to the system after the last
> system restart.
> Do I need to modify any system settings (related to cached credentials) to
> take care of this?
>
> Thank you
> -Vasu
>
>
>
> "ESOCIAL" <nospam@nospam.com> wrote in message
> news:111c3u4av4do219@corp.supernews.com...
>> Thank you David / Hao,
>>
>> Impersonation helped. I am able to enumerate Certs for a user who's not
>> logged on currently to desktop.
>>
>> However, the function CryptDecryptMessage fails with the error Cert or
>> object not found when I use cert store handle as part of the
>> PCRYPT_DECRYPT_MESSAGE_PARA for the impersonated user.
>>
>> What could I be doing wrong? The certificate CSP is Microsoft Enhanced
>> Cryptographic Provider v1.0.
>>
>> Thanks,
>> Vasu
>>
>>
>>
>>
>> "David Cross [MS]" <dcross@online.microsoft.com> wrote in message
>> news:uvzWuLREFHA.1836@tk2msftngp13.phx.gbl...
>> > only if you impersonate the user and load their profile first.
>> >
>> > "ESOCIAL" <nospam@nospam.com> wrote in message
>> > news:110q7l0rok5s96@corp.supernews.com...
>> > > Hi,
>> > >
>> > > I intend to open a certificate store of any user on my computer or
>> > > domain.
>> > > Can this be done?
>> > > I assume I can use CertOpenStore call with CERT_SYSTEM_STORE_USERS.
>> > > Is this right? I don't see any sample on MSDN on
>> > > CERT_SYSTEM_STORE_USERS.
>> > >
>> > > Any ideas??
>> > >
>> > > -thanks
>> > > Vasu
>
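
The sequence described in the reply above, as an added example that is not part of the original posts: log on as the user, impersonate, call LoadUserProfile(), then open that user's "MY" store and count its certificates. The function name count_user_certs, the interactive logon type and the non-Windows fallback are assumptions made for illustration.

```c
/* Added example. Windows build (assumed toolchain: MSVC):
   cl certs.c advapi32.lib userenv.lib crypt32.lib */
#ifdef _WIN32
#include <windows.h>
#include <userenv.h>
#include <wincrypt.h>
#else
#include <wchar.h>
typedef const wchar_t *LPCWSTR;   /* lets the file compile off Windows */
#endif

/* Counts certificates in the given user's "MY" store.
   Returns the count, or -1 on any failure (always -1 off Windows). */
int count_user_certs(LPCWSTR user, LPCWSTR domain, LPCWSTR password)
{
    int count = -1;
#ifdef _WIN32
    HANDLE token = NULL;
    PROFILEINFOW pi = { sizeof(pi) };
    BOOL impersonating = FALSE, loaded = FALSE;

    if (!LogonUserW(user, domain, password, LOGON32_LOGON_INTERACTIVE,
                    LOGON32_PROVIDER_DEFAULT, &token))
        return -1;
    impersonating = ImpersonateLoggedOnUser(token);
    if (impersonating) {
        /* Order as stated in the thread: impersonate, then load the profile,
           so the user's registry hive (and with it the store) is mounted. */
        pi.lpUserName = (LPWSTR)user;
        loaded = LoadUserProfileW(token, &pi);
    }
    if (loaded) {
        HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_SYSTEM_W, 0, 0,
            CERT_SYSTEM_STORE_CURRENT_USER | CERT_STORE_READONLY_FLAG, L"MY");
        if (store) {
            PCCERT_CONTEXT cert = NULL;
            count = 0;
            /* Each call frees the previous context; NULL ends the loop. */
            while ((cert = CertEnumCertificatesInStore(store, cert)) != NULL)
                count++;
            CertCloseStore(store, 0);
        }
    }
    /* Clean up: drop impersonation, unload the hive, close the token. */
    if (impersonating) RevertToSelf();
    if (loaded) UnloadUserProfile(token, pi.hProfile);
    CloseHandle(token);
#else
    (void)user; (void)domain; (void)password;
#endif
    return count;
}
```

LoadUserProfile() requires the calling process to run as an administrator or LocalSystem, so this belongs in a service or elevated tool; every successful load is paired with UnloadUserProfile() so the hive does not stay mounted.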