Follow

My users have to manually install certificates every time they log in

Product: ProfileUnity-FlexApp

Product Version: 5.2, 5.5

Expires on: 365 days from publish date

Updated: Jun, 13 2013

 

Problem:

They are personal e-mail certificates. Because it's financial institution users have to use them when sending out e-mail

 

Symptoms:

With each logon/logoff users have to reinstall the certificate which is missing next time they log back in on the next day.

 

Possible Resolution(s):

The most common reason for this is incomplete "Certificates" ruleset or it is completely turned off.

Step 1. Open ProfileUnity console, go to "Configuration Management" and make sure you have all rulesets below:

  • Name of Portability Ruleset: Certificates
  • Registry Rules:
    • Merge Tree HKCU 'Software\Microsoft\Cryptography'
      Merge Tree HKCU 'Software\Microsoft\SystemCertificates'
      Merge Tree HKCU 'Software\Microsoft\Windows NT\CurrentVersion\EFS'
      Exclude Tree HKCU 'Software\Microsoft\SystemCertificates\Root\ProtectedRoots'
      Merge Tree HKCU 'Software\Microsoft\Identities'
  • Filesystem Rules:
    • Merge User Profile 'AppData\Roaming\Microsoft\SystemCertificates'
      Merge User Profile 'AppData\Roaming\Microsoft\Crypto\RSA'
      Merge User Profile 'AppData\Roaming\Microsoft\Protect'

Example:

ProfileUnity.jpg

 

Step 2 . Verify your "Portability" Certificates rule has both options selected:

  • Apply Registry Rules
  • Apply Filesystem Rules

Example:

Rule.jpg

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

0 Comments

Article is closed for comments.