Disable install certificates on a desktop computer for users

Hi!

Below I put how to block that a user cannot install certificates on a desktop.

Regards!

In a new GPO on User config configure the following settings to block a user for can not install certificates with internet explorer or use the certificates snapin:

Imagen

The next step is to block by GPP than a user cannot install cert doing double click on the cert. The path to configure this is Computer Configuration\Windows Settings\Security Settings\File System

Imagen

There we add the following exe´s:

%SystemRoot%\system32\certutil.exe

%SystemRoot%\system32\CertEnrollCtrl.exe

%SystemRoot%\system32\certmgr.msc

%SystemRoot%\system32\certreq.exe

%SystemRoot%\system32\cryptext.dll

Imagen

And add a new user group denying permissions.

Imagen

When user will do double click will appear the following message.

Imagen

Regards

Anuncios

Warning in Win XP accessing to HTTPS websites

Hello!

Today an end user told me that when she go to a secure website (HTTPS) it show a warning message like that:

Imagen

The problem is that she is using Windows xp an need a fix to solve it, she can´t access to any website with HTTPS. The issue is interesting because affect to all certificates with less than 1024 bits. Here I put the link to the KB.

http://blogs.technet.com/b/pki/archive/2012/07/13/blocking-rsa-keys-less-than-1024-bits-part-2.aspx

http://support.microsoft.com/kb/2661254/en-us

Regards!

OWA error – Out of memory

Hi!

When you are in OWA (Exchange 2007) and you try to repply an email by example and look a message with an out of memory error you can execute a .cmd file that reregister a lot of .dlls and it works for me with Windows 7 SP1 x86 with IE9.

The .cmd and the explanation is here:

http://iefaq.info/index.php?action=artikel&cat=42&id=133&artlang=en

Regards!