Re: W2K Standalone Recovery Certificate

From: Miha Pihler (miha.pihler_at_Atlantis-N0Spam.si)
Date: 07/26/03

  • Next message: Miha Pihler: "Re: File Access Security - Dual Boot with both W2K Pro partition" 
    Date: Sat, 26 Jul 2003 00:11:02 +0200

    Hi,

    this might help you out...
    http://support.microsoft.com/default.aspx?scid=kb;en-us;230490 

    -- 
Mike
MCSA 2K, MCSE 2K, MCT, ...
"Doug Clemons" <dclemons@rochester.rr.com> wrote in message
news:022701c352f0$3ce00990$a601280a@phx.gbl...
> I am the administrator of a walk-up type workstation
> running W2K. For various reasons, it's a standalone
> machine not connected to any domain. There are numerous
> users(8+) who need access to this machine and we recently
> implemented EFS for all users. By default, I'm the
> recovery agent, I'd like to add one and possible two
> others. When I try to request new certificates for these
> individuals using Users and Paswords/Advanced/New
> Certificate I get an error that says something
> like "windows can't find an authority to process this
> request". No surprise, as I can't run CA services, but I
> thought W2K would self-sign a standalone requested
> certificate? Using the mmc Certificates snap-in gives me
> similar results. So, I import/export/install my
> certificate to the users personal certificate store and
> try to add them under mmc public key/encrypted data
> recovery agents. Everything seems to go fine, the wizard
> tells me it worked and then I get a message that
> says "certificate store already contains the selected
> certificate. Delete the duplicate before adding" and it
> kicks me back out to mmc...without another certficate/user
> added to the EDRP. I know some tricks, deleting the
> certificate, using regsvr32 to change the registry and
> logging back in as the user generates a certificate. But
> isn't there another, easier way????
  • Next message: Miha Pihler: "Re: File Access Security - Dual Boot with both W2K Pro partition"

    Relevant Pages

    • Re: Computer and User Certificates Issues
      ... Enrollment of User Certificates using the custom v2 User Certificate Template ... I can NOT request the custom v2 Computer Cert nor the included v1 no ... Concerning permissions, these are the exact permissions I am using now: ...
      (microsoft.public.security)
    • Re: Cannot request computer certificate.
      ... request a computer certificate for about 9 months. ... and verify that you can get a computer/server certificate from it. ... List of NetBt transports currently bound to the Redir ... DNS Host Name: srvr3.domain.com ...
      (microsoft.public.windows.server.security)
    • RE: SIMple SSL question ??
      ... OK - i would also delete a cert request file lying around. ... But a certificate is a pub key + extra info. ... That said - if someone compromises the server he will also find a way to retrieve the private key. ... traffic between the initial web server and the client. ...
      (microsoft.public.dotnet.security)
    • Re: how can we restrict what certificate WSE will use?
      ... the valid x509 certificate which is used to identify him'. ... X509SecurityTokenManager to verify the request is from a trusted client. ... the problem is that he can not passed the authentication (suppose we ... > decrypte and signature validation process. ...
      (microsoft.public.dotnet.framework.webservices.enhancements)
    • Re: Web Certificate Enrollment security problem
      ... Enrollment works only with the NetBIOS Name and not with the FQDN. ... Svyatoslav Pidgorny, MS MVP - Security, MCSE ... access auditing and logging "issue and manage certificate requests" on ... Have seen that there is a component "Certsrv Request" when launching ...
      (microsoft.public.security)
    • Quantcast