Using machine cert for 2nd factor VPN authentication as a normal u
- From: Ben Drawbaugh <Ben Drawbaugh@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 23 Mar 2009 13:49:01 -0700
We want to use the machine certificate as the second factor for VPN
authentication with our Anira solution, but are having a problem with the
NTFS permissions of the certificate.
Our users are not local administrators on their workstation and since the
machine certificates don't inherit permissions from the parent folder, the
user doesn't have read access to the machine certificate. Changing the
permissions is easy enough with an SMS package, but with about 20 machines
renewing their certificates a day, this is not a workable solution.
Is there a way to change the default permissions of an autoenrolled machine
certificate? This way the users will have read and thus the ANIRA VPN client
will be able to access the certificate when launched as a regular user?
- Prev by Date: Re: Rootkit finders and removers
- Next by Date: Profile issue after changing a users group membership
- Previous by thread: How to generate a security template from current computer settings
- Next by thread: Profile issue after changing a users group membership