EM does it the same: it "spoofs" the profile state so Windows thinks that you're using a Roaming profile (instead of a Mandatory) If you're going to use EM & Personalization to also save Certificates (user added or otherwise) you need to do the following: 1) Add HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates to the Desktop settings in Personalization or hive this key out using Registry Hiving in EM (btw, Registry Hiving is not Personalization; it's the "old" method of saving stuff while using a mandatory profile) 2) Make sure you copy the following directories to for instance your users home directory (copy out at logoff, copy in at logon): - %UserProfile%\AppData\Roaming\Microsoft\SystemCertificates - %UserProfile%\AppData\Roaming\Microsoft\Protect - %UserProfile%\AppData\Roaming\Microsoft\Crypto See the EM Snippet I made for you here: http://dl.dropbox.com/u/12257849/Hive_Certificates.zip (you can import this using the AppSense Policy Templates function in EM) Cheers, Ben On 19-01-2011 8:06 PM, "thin-digest@xxxxxxxxxxxxx" <thin-digest@xxxxxxxxxxxxx> wrote: >------------------------------ >*From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On >Behalf Of *Andy Friar >*Sent:* 19 January 2011 11:25 >*To:* thin@xxxxxxxxxxxxx >*Subject:* [THIN] Re: Cryptographic Providers failures > >It¹s something I haven¹t checked in awhile. > > > >Back when flex was flex you had to change the permissions on the >ProfileList >registry key so that flex could change the profile from a mandatory to a >roaming. This was despite the profile still being a mandatory. > > > >This enabled various functions which required certificates, saving a >password on an excel spreadsheet for example. > > > >As to how or even if EM currently do this I do not know. > > > >Andy > ************************************************ For Archives, RSS, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: //www.freelists.org/list/thin Follow ThinList on Twitter http://twitter.com/thinlist ************************************************