G
Guest
Hi!
EFS and MS Win2K3 CA and PKI are established in network.
EFS on WinXP can get certificate (Basic EFS certificate template) on demand
where there is EFS encryption required (user changes encryption properties
for folder).
But EFS cannot get certificate from MS CA if certificate template is other
than Basic EFS. If Basic EFS certificate template don't allow for enrollment
(based on user permissions or is not published on CA) then EFS issue
self-issued EFS certificate which is not what we want. And the same
functionality we get is if we have other certificate template with EFS EKU.
Of course this other certificate template is just copy of Basic EFS but it
cannont be issued on demand like Basic EFS.
Why just Basic EFS certificate template?
What is the right solution?
Your help will be very appreciated.
Regards
Milan Ojstersek
EFS and MS Win2K3 CA and PKI are established in network.
EFS on WinXP can get certificate (Basic EFS certificate template) on demand
where there is EFS encryption required (user changes encryption properties
for folder).
But EFS cannot get certificate from MS CA if certificate template is other
than Basic EFS. If Basic EFS certificate template don't allow for enrollment
(based on user permissions or is not published on CA) then EFS issue
self-issued EFS certificate which is not what we want. And the same
functionality we get is if we have other certificate template with EFS EKU.
Of course this other certificate template is just copy of Basic EFS but it
cannont be issued on demand like Basic EFS.
Why just Basic EFS certificate template?
What is the right solution?
Your help will be very appreciated.
Regards
Milan Ojstersek