Q: Can Encrypting File System (EFS) certificates and Web application client certificates conflict with one another? In our environment, we use EFS to secure the My Documents folder on laptops. We also have a key business partner whose extranet requires some of our users to install a client certificate for secure Web-based access to logistics information. One such user’s client certificate recently expired, so I deleted it and requested a new one from our business partner’s Certification Authority (CA). After the CA issued the new certificate, I installed it on the user’s workstation and everything appeared to be working fine. A short time later, however, I received a call from the user saying that he couldn’t access his encrypted My Documents folder. I knew I hadn't deleted the user’s EFS certificate, and I quickly confirmed that by using the Microsoft Management Console (MMC) Certificates snap-in. Luckily, we were able to recover the user’s files using the EFS Recovery Agent certificate. Apparently, the client certificate—rather than the EFS certificate that we provide through the domain—had encrypted the user's files. Is that possible, and if so, why? Aren’t certificate templates supposed to define what purposes a certificate can be used for?. . .
Already a VIP member?
Please log on to view the full article
Why become a VIP member?
VIP-only online access
VIP CD delivered twice a year: offline access to the entire Windows IT Pro article library
Monthly issue of your choice of Windows IT Pro or SQL Server Magazine
You must be a registered user or online subscriber to comment on this article. Please log on before posting a comment. Are you a new visitor?
Register now
It's official: Google will compete head-to-head with Microsoft's dominant Windows OS with a new system called Google Chrome OS. Based on the Google Chrome browser and not its previous OS effort, the smart phone-based Android system, Google Chrome OS will ...
How Thin-Client Virtual Desktops Can Improve ROI Read this Essential Guide to get a technical overview of VDI and understand what you need to consider when planning for desktop virtualization.
New from Left-Brain.com - Exchange Server 2007 Training Package This intensive, 21-hour training course can easily eliminate up to four years of trial, error, and frustration! You’ll learn how to avoid the costly misconfigurations that even the most seasoned experts make. Find out more!
Improve SharePoint Performance on a WAN Learn how to increase in user-perceived remote performance in SharePoint 2007 while decreasing the load on W front-end servers (WFE).
Get Windows IT Pro To Go & Save 25% The Windows IT Pro Master CD is a powerful combination of content and convenience. Instantly search over 10K solution-driven articles instantly, and get online access to new articles each month at windowsitpro.com. Subscribe today!
Register
