Profiles and Digital Certificates in Windows 2000


Stephen Shields

I am having a pain of a problem with digital certificates
in Windows 2000 for access to web sites when using
profiles.

If I give my users mandatory profiles they cannot import a
digital certificate (the import returns an error saying a
cryptographic service provider needed may not be installed).

If I add a digital certificate to a roaming profile and
then change the profile back to mandatory, I get the error
when trying to access the site.

The only way I have found is to keep the profile as a
roaming profile all the time. The problem with this is the
users keep messing them up and I have to recreate the
whole profile again.

Has anyone seen this, and can it be fixed with a GPO or
some setting I have missed?

Thanks
Stephen
 
You cannot use certificates with mandatory profiles. The issue here is that
when the private key is installed into the profile it is protected by DPAPI
so that only the user who installed it will be able to use it. So later if
you create a read-only share of the profile to be used by other users they
will not be able to use the private key. They also cannot request and
install certificates since the profile is read-only.
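
A way to check for the condition described in the reply above: a certificate that is present in the profile while its private key cannot be opened by the logged-on user. This is an added example, not part of the thread; it assumes a current Windows system with PowerShell and .NET Framework 4.6 or later, not Windows 2000 itself.

```powershell
# Added example: list certificates in the current user's personal store and
# test whether each private key can actually be opened in this session.
$ext = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]

Get-ChildItem Cert:\CurrentUser\My | ForEach-Object {
    $cert   = $_
    $status = 'no private key'

    # HasPrivateKey only reports that the certificate points at a key
    # container; it does not prove the key can be opened by this user.
    if ($cert.HasPrivateKey) {
        try {
            # Opening the key is the real test. It throws if the key
            # container cannot be reached or opened by this user.
            $key = $ext::GetRSAPrivateKey($cert)
            if ($null -eq $key) {
                $status = 'non-RSA key (not tested)'
            } else {
                $status = 'key usable'
                $key.Dispose()
            }
        } catch {
            $status = 'key NOT usable: ' + $_.Exception.Message
        }
    }

    [pscustomobject]@{
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        PrivateKey = $status
    }
}
```

A row reporting `key NOT usable` for a certificate that was copied in with the profile matches the situation the reply describes.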
 