[THIN] Re: thin Digest V10 #22

• From: Ben Pelzer <Ben.Pelzer@xxxxxxxxxxx>
• To: "thin@xxxxxxxxxxxxx" <thin@xxxxxxxxxxxxx>
• Date: Thu, 20 Jan 2011 09:42:34 +0100

EM does it the same: it "spoofs" the profile state so Windows thinks that
you're using a Roaming profile (instead of a Mandatory)

If you're going to use EM & Personalization to also save Certificates
(user added or otherwise) you need to do the following:
1) Add HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates to the
Desktop settings in Personalization or hive this key out using Registry
Hiving in EM
(btw, Registry Hiving is not Personalization; it's the "old" method of
saving stuff while using a mandatory profile)

2) Make sure you copy the following directories to for instance your users
home directory (copy out at logoff, copy in at logon):
- %UserProfile%\AppData\Roaming\Microsoft\SystemCertificates
- %UserProfile%\AppData\Roaming\Microsoft\Protect
- %UserProfile%\AppData\Roaming\Microsoft\Crypto

See the EM Snippet I made for you here:
http://dl.dropbox.com/u/12257849/Hive_Certificates.zip
(you can import this using the AppSense Policy Templates function in EM)

Cheers,

Ben

On 19-01-2011 8:06 PM, "thin-digest@xxxxxxxxxxxxx"
<thin-digest@xxxxxxxxxxxxx> wrote:

>------------------------------
>*From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On
>Behalf Of *Andy Friar
>*Sent:* 19 January 2011 11:25
>*To:* thin@xxxxxxxxxxxxx
>*Subject:* [THIN] Re: Cryptographic Providers failures
>
>It¹s something I haven¹t checked in awhile.
>
>
>
>Back when flex was flex you had to change the permissions on the
>ProfileList
>registry key so that flex could change the profile from a mandatory to a
>roaming. This was despite the profile still being a mandatory.
>
>
>
>This enabled various functions which required certificates, saving a
>password on an excel spreadsheet for example.
>
>
>
>As to how or even if EM currently do this I do not know.
>
>
>
>Andy
>

************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
//www.freelists.org/list/thin
Follow ThinList on Twitter
http://twitter.com/thinlist
************************************************

Other related posts:

• » [THIN] Re: thin Digest V10 #22 - Ben Pelzer

1. Home
2. thin
3. Archive
4. 01-2011

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---