Re: Problem setting the "Valid To" for EFS certificates



Thanks for the reply. I have set the PeriodUnits from the default of 2. It
does not make sense to me why the registry setting would be 2 but default
templates such as Recovery Agent are set to 5!

Brian Komar, please reply to this. You seem to be THE MAN on EFS since I
have read a lot of your replies. We have a 2003 Enterprise CA and we
need to encrypt data on about five different servers. Is roaming credentials
the way to go with this? I don't want to put each person's private key on
each server. That would be a management mess. The way that I believe
credential roaming will work is that the server will request the private key
from the Active Directory and then the server will impersonate the person to
encrypt the file. This way the private key is not actually on the remote
server, only in the AD and the local computer store.

One last question. Why will the supersede not work? We have turned off
Basic EFS template and created a new template. When we turn on autoenroll,
it will pull a self-signed certificate instead of our custom template.

Thanks for your help.

Brian

Brian Komar wrote:
I have a 2003 CA setup and the certificate for the CA is set to 20 years. No
matter what certificate I publish the validity period will be no more than
[quoted text clipped - 3 lines]

Any thoughts?

There are two registry settings that must be modified to allow
certificates greater than two years.
For example, to increase to five years (subject to the remaining
lifetime of the CA):

certutil -setreg ca\ValidityPeriodUnits 5
certutil -setreg ca\ValidityPeriod "Years"
net stop certsvc
net start certsvc

This will accomplish what you are after.
Brian

--
Message posted via WinServerKB.com
http://www.winserverkb.com/Uwe/Forums.aspx/windows-server-security/200607/1
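
Added example, not part of the original thread: a small Python model of why a 5-year template still produces a 2-year certificate until the CA registry values are raised. An enterprise CA issues for the shortest of the template validity, the CA's ValidityPeriodUnits/ValidityPeriod registry setting, and the remaining lifetime of the CA certificate. The function names, the sample dates and the calendar-based month/year arithmetic are assumptions of this sketch.

```python
import calendar
from datetime import datetime, timedelta


def add_period(start, units, period):
    """Return start + units * period (period named as in ca\\ValidityPeriod).

    Calendar-based month/year arithmetic is an assumption of this sketch,
    not a statement of how certsvc rounds dates.
    """
    if period == "Days":
        return start + timedelta(days=units)
    if period == "Weeks":
        return start + timedelta(weeks=units)
    if period in ("Months", "Years"):
        total = start.month - 1 + units * (12 if period == "Years" else 1)
        year, month = start.year + total // 12, total % 12 + 1
        # Clamp the day so that e.g. 29 Feb + 1 year lands on 28 Feb.
        day = min(start.day, calendar.monthrange(year, month)[1])
        return start.replace(year=year, month=month, day=day)
    raise ValueError(f"unsupported ValidityPeriod: {period!r}")


def effective_not_after(issued, template, ca_registry, ca_not_after):
    """Return (not_after, limiting_setting) for a certificate issued at `issued`.

    template and ca_registry are (units, period) pairs; ca_not_after is the
    expiry of the CA certificate. On a tie the first listed setting is named.
    """
    candidates = [
        (add_period(issued, *template), "template"),
        (add_period(issued, *ca_registry), "CA registry"),
        (ca_not_after, "CA certificate"),
    ]
    return min(candidates, key=lambda c: c[0])


if __name__ == "__main__":
    issued = datetime(2006, 7, 1)       # constructed sample issue date
    ca_expiry = datetime(2026, 1, 1)    # constructed sample CA expiry
    template = (5, "Years")             # template validity from the thread
    for registry in [(2, "Years"), (5, "Years")]:  # before / after -setreg
        not_after, limit = effective_not_after(issued, template, registry, ca_expiry)
        print(registry, "->", not_after.date(), "limited by", limit)
```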