Re: WinLogon adds default certificate to "MY" store. Why, and how to disable?

From: Hao Zhuang [MSFT] (hzhuang_at_online.microsoft.com)
Date: 05/23/05


Date: Mon, 23 May 2005 11:14:47 -0700

certprop downloads the certificate from your smartcard to MY store so that
the apps that use the certificate will work (such as enabling outlook
sending encrypted email).

yes you can remove the regkey entry so that certprop is not invoked. however
it may break the scenarios using smartcard certificates.

- hao

-- 
This posting is provided "AS IS" with no warranties, and confers no rights.
"Jakub Gwozdz" <gwozdziu@rpg.pl> wrote in message 
news:e5Svem6XFHA.3488@tk2msftngp13.phx.gbl...
> Jakub Gwozdz wrote:
>> Could anyone say, what was the intention of this behavior, and how to 
>> disable this feature?
>
> What else I've had discovered:
>
> - responsible thread was started with WinLogon Notification Packages 
> "ScCertProp" which calls WlNotify.dll!SensStartupEvent, which loops on 
> SCardGetStatusChange and triggers certificate registration when smart card 
> shows up.
> - What's funny, WlNotify.dll!SensStartupEvent is an function of another 
> Notification Package, "SensLogn", but disables this package doesn't make 
> any difference to whole default container registration. I have to remove 
> "ScCertProp" registry key to disable this feature.
>
> So my questions are:
> - Is "ScCertProp" responsible for any other things than "Smart Card 
> Certificate Propagation (I think)"? Like smart card kerberos login on card 
> insert or logout after card removal? Is it safe to disable it?
> - Is there any other way to disable this feature other than removing whole 
> registry key, and will it work on W2K, XP and W2K3 Server?
>
> Best regards
> Jakub Gwóźdź 


Relevant Pages

  • Re: Cyrus 2.2 imapd in AMD64
    ... tlsprune is disable now so it doesnt lock the start up of the cyrus ... # The minimum SSF that the server will allow a client to negotiate. ... # File containing the private key belonging to the global server certificate. ... THIS DISABLES THE WEAK 'FOR EXPORT' CRAP! ...
    (Debian-User)
  • Re: Word 2007 Digital Certificate problems?
    ... and the certificate was handled as I expected it to be -- ... - With trust set to "Enable all macros," everything works fine. ... With trust set to "Disable macros unless digitally signed," one gets ... In Word's help, it tells me that when it disables macros in a project, ...
    (microsoft.public.word.vba.general)
  • Re: Digitally Signed Macros
    ... In the VBA editor, select the project, then goto Tools, Digital Signature, ... >I imbedded some macros in a worksheet and now when I open the worksheet ... > it disables the macros unless I lower the ... per the directions I created a digital certificate. ...
    (microsoft.public.excel)
  • RE: Problems enabling smart card login on windows 2000
    ... Bad Certificate; ... Troubleshooting Windows 2000 PKI Deployment and Smart Card Logon ... | - Installing a Windows 2000 Server as a Domain Controller ...
    (microsoft.public.win2000.security)
  • Re: question about private certificate stored on smart card
    ... >> With Windows 2003 CA there is an option to archive user's private key. ... >> Archival is done automatically when certificate is issued. ... >> able to find out there are no smart card CSP available today that would ... > The software does allow recovery of smart card encryption certificates. ...
    (microsoft.public.win2000.security)