[THIN] Re: thin Digest V10 #22

  • From: Ben Pelzer <Ben.Pelzer@xxxxxxxxxxx>
  • To: "thin@xxxxxxxxxxxxx" <thin@xxxxxxxxxxxxx>
  • Date: Thu, 20 Jan 2011 09:42:34 +0100

EM does it the same: it "spoofs" the profile state so Windows thinks that
you're using a Roaming profile (instead of a Mandatory)

If you're going to use EM & Personalization to also save Certificates
(user added or otherwise) you need to do the following:
1) Add HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates to the
Desktop settings in Personalization or hive this key out using Registry
Hiving in EM
(btw, Registry Hiving is not Personalization; it's the "old" method of
saving stuff while using a mandatory profile)

2) Make sure you copy the following directories to for instance your users
home directory (copy out at logoff, copy in at logon):
- %UserProfile%\AppData\Roaming\Microsoft\SystemCertificates
- %UserProfile%\AppData\Roaming\Microsoft\Protect
- %UserProfile%\AppData\Roaming\Microsoft\Crypto

See the EM Snippet I made for you here:
(you can import this using the AppSense Policy Templates function in EM)



On 19-01-2011 8:06 PM, "thin-digest@xxxxxxxxxxxxx"
<thin-digest@xxxxxxxxxxxxx> wrote:

>*From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On
>Behalf Of *Andy Friar
>*Sent:* 19 January 2011 11:25
>*To:* thin@xxxxxxxxxxxxx
>*Subject:* [THIN] Re: Cryptographic Providers failures
>It¹s something I haven¹t checked in awhile.
>Back when flex was flex you had to change the permissions on the
>registry key so that flex could change the profile from a mandatory to a
>roaming. This was despite the profile still being a mandatory.
>This enabled various functions which required certificates, saving a
>password on an excel spreadsheet for example.
>As to how or even if EM currently do this I do not know.

For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
Follow ThinList on Twitter

Other related posts:

  • » [THIN] Re: thin Digest V10 #22 - Ben Pelzer