Re: CertSrv Question

From: John D. Gwinner (jgwinner@dazsi.com)
Date: 08/30/02


From: "John D. Gwinner" <jgwinner@dazsi.com>
Date: Fri, 30 Aug 2002 11:50:43 -0700


In my case, as posted earlier, I didn't install a stand alone CA, I installed
a root CA for the domain for development purposes. I want to get rid of the
server entirely, and make all domain PCs quit doing ANYTHING with certs.

In effect I want to revert everything on the domain to just before the root
CA was installed.

How do I do that?

                  == John ==

"D. Cross [MS]" <vaq130@hotmail.com> wrote in message
news:ePJ8izpTCHA.1308@tkmsftngp13...
> You can use dsstore.exe in Windows 2000 Reskit for Win2K or you can use
> certutil.exe in Windows .NET to remove this.
>
> A standalone CA will never add its certificate to the NTAUTH store
> automatically, you would have to add it to that location manually. I think
> the cert may be in the certification authorities container in the Public Key
> Services node of the configuration partition. You can use something as
> simple as ADSIEDIT tool to delete it.
>
> --
>
> David B. Cross [MS]
>
> --
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> <newsgroups@MSWEBS.com> wrote in message
> news:oirlmu80ve481oe1i08o5o7r35tl940gan@4ax.com...
> > How do you delete it? You guys at Microsoft seem to be making this
> > hard for some reason or another. Everywhere that I have seen this
> > posted, and replied to by someone at Microsoft, you seem to beat
> > around the bush on how to remove the CA completely. All I'm trying to
> > find out is; how do you completely remove CA, and all the components
> > it added to my domain? As stated, I installed a stand-alone CA on a
> > PDC in my forest. In doing so, it replicated a certificate to the
> > entire forest. I have now un-installed the CA, but the certificates
> > are still valid on all the clients. There is nothing in the GPO that
> > is stating to replicate that certificate to any of the clients, and if
> > I delete it; it comes back either after a reboot or after a certain
> > time period. I have deleted it off of every one of my servers and
> > several of the clients, but it still comes back. How do I COMPLETELY
> > remove the certificate?
> >
> > DM
> >
> > On Mon, 26 Aug 2002 17:40:21 -0700, "Shreeniwas Kelkar [MS]"
> > <srkelkar@online.microsoft.com> wrote:
> >
> > >The reason most likely is that the CA cert is still there in the NTAuth
> > >certificate store. If true, this cert will be brought down to all domain
> > >member machines through group policy. And as long as this cert is trusted,
> > >all valid certs issued by it will verify.
> > >
> > >http://www.microsoft.com/windows2000/techinfo/planning/walkthroughs/default.asp
> > >
> > >--
> > >Shreeniwas Kelkar,
> > >Microsoft Corp.
> > >
> > >This posting is provided "AS IS" with no warranties, and confers no rights.
> > >Use of any included samples is subject to the terms specified at
> > >http://www.microsoft.com/info/cpyright.htm
> >
>
>
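
A read-only way to see what the replies above describe, as an added PowerShell example that is not part of the original thread: it lists every CA certificate still published under Public Key Services in the configuration partition (the NTAuthCertificates object and the Certification Authorities container included) and flags which ones are cached in the local NTAuth store. It assumes a domain-joined machine, the default container names, and the default registry location of the enterprise NTAuth store.

```powershell
# Added example, read-only: nothing is modified or deleted.
# Assumes a domain-joined machine and default PKI container names.
$configNC = ([ADSI]'LDAP://RootDSE').configurationNamingContext
$pkiBase  = "CN=Public Key Services,CN=Services,$configNC"

# Thumbprints cached in this machine's enterprise NTAuth store (registry-backed).
$ntAuthKey   = 'HKLM:\SOFTWARE\Microsoft\EnterpriseCertificates\NTAuth\Certificates'
$localNtAuth = @()
if (Test-Path $ntAuthKey) {
    $localNtAuth = @(Get-ChildItem $ntAuthKey | ForEach-Object { $_.PSChildName })
}

# Find every directory object under Public Key Services that carries a CA cert.
$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot  = [ADSI]"LDAP://$pkiBase"
$searcher.Filter      = '(cACertificate=*)'
$searcher.SearchScope = 'Subtree'
[void]$searcher.PropertiesToLoad.Add('cACertificate')
[void]$searcher.PropertiesToLoad.Add('distinguishedName')

$published = foreach ($result in $searcher.FindAll()) {
    $dn = [string]$result.Properties['distinguishedname'][0]
    foreach ($raw in $result.Properties['cacertificate']) {
        try {
            $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([byte[]]$raw)
        } catch {
            # The attribute can hold a placeholder value that is not a certificate.
            continue
        }
        [pscustomobject]@{
            Container     = $dn
            Subject       = $cert.Subject
            Thumbprint    = $cert.Thumbprint
            NotAfter      = $cert.NotAfter
            InLocalNTAuth = $localNtAuth -contains $cert.Thumbprint
        }
    }
}

$published | Sort-Object Container, Subject | Format-Table -AutoSize -Wrap
```

A row whose Container is the NTAuthCertificates object is a certificate that, per the reply quoted above, is still being brought down to domain members through group policy.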


