Re: WinLogon adds default certificate to "MY" store. Why, and how to disable?

From: Hao Zhuang [MSFT] (hzhuang_at_online.microsoft.com)
Date: 05/23/05


Date: Mon, 23 May 2005 11:14:47 -0700

certprop downloads the certificate from your smartcard to MY store so that
the apps that use the certificate will work (such as enabling outlook
sending encrypted email).

yes you can remove the regkey entry so that certprop is not invoked. however
it may break the scenarios using smartcard certificates.

- hao

-- 
This posting is provided "AS IS" with no warranties, and confers no rights.
"Jakub Gwozdz" <gwozdziu@rpg.pl> wrote in message 
news:e5Svem6XFHA.3488@tk2msftngp13.phx.gbl...
> Jakub Gwozdz wrote:
>> Could anyone say, what was the intention of this behavior, and how to 
>> disable this feature?
>
> What else I've had discovered:
>
> - responsible thread was started with WinLogon Notification Packages 
> "ScCertProp" which calls WlNotify.dll!SensStartupEvent, which loops on 
> SCardGetStatusChange and triggers certificate registration when smart card 
> shows up.
> - What's funny, WlNotify.dll!SensStartupEvent is an function of another 
> Notification Package, "SensLogn", but disables this package doesn't make 
> any difference to whole default container registration. I have to remove 
> "ScCertProp" registry key to disable this feature.
>
> So my questions are:
> - Is "ScCertProp" responsible for any other things than "Smart Card 
> Certificate Propagation (I think)"? Like smart card kerberos login on card 
> insert or logout after card removal? Is it safe to disable it?
> - Is there any other way to disable this feature other than removing whole 
> registry key, and will it work on W2K, XP and W2K3 Server?
>
> Best regards
> Jakub Gwóźdź 


Relevant Pages