Midmarket IT Security Tips:


How to revoke and delete Active Directory user certificates


Joel Dubin
02.05.2009


When you delete a user from Active Directory 2003, is it possible to configure the system so the user's certificate on the CA will automatically get revoked or deleted as well?

The Active Directory (AD) implementation used with Windows Server 2003 has a feature called autoenrollment that you can configure to automatically revoke and delete user certificates on the Certificate Authority (CA).

To set up the autoenrollment feature, follow these steps:

  1. Go to the Group Policy Objects (GPO) settings, and select Properties for the object, then click Edit and drill down until you get to "Object Type."

  2. Right-click on "Autoenrollment Settings" and go to "Properties."

  3. Check "Enroll Certificates Automatically" and, once the box appears, select the two checkboxes underneath it.

  4. Click OK and you're done.

Visit the Microsoft Web site for a more in-depth explanation (http://microsoft.com).

The autoenrollment feature should add a little bit of extra system access security. If you choose not to use it, you have to delete all user accounts from the system manually. Also, remember that loose certificates sitting on compromised machines, stolen laptops or other errant equipment can be exploited by users whose accounts may be gone, but whose ghosts aren't.
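A check to go with the last paragraph, as an added example that is not part of the original tip: it lists certificates the CA still shows as issued to accounts that no longer exist in AD, and prints a revocation command for each so an administrator can review it. The CSV text, the CONTOSO domain, the account list and the function name are constructed for illustration; the column headers are assumed to match the CA export named in the comments.

```powershell
# Added example: find unexpired certificates still issued to deleted accounts.
# Constructed sample standing in for a CA database export, e.g. run on the CA:
#   certutil -view -restrict "Disposition=20" -out "RequesterName,SerialNumber,NotAfter" csv
# Disposition 20 means "issued". Date format in a real export follows the CA's locale.
$caExportCsv = @'
"Requester Name","Serial Number","Certificate Expiration Date"
"CONTOSO\alice","610a3b5c000000000012","3/1/2010 9:00 AM"
"CONTOSO\bob","610a3b5c000000000013","3/1/2010 9:00 AM"
"CONTOSO\carol","610a3b5c000000000014","1/15/2009 9:00 AM"
"CONTOSO\bob","610a3b5c000000000015","6/1/2010 9:00 AM"
'@

# Constructed: accounts that still exist, as exported from AD (DOMAIN\name form).
$existingAccounts = @('CONTOSO\Alice')

# Fixed reference date so the sample result is stable; use (Get-Date) in practice.
$asOf = [datetime]'2009-02-05'

function Get-OrphanedCertificate {
    param(
        [string]   $Csv,
        [string[]] $Accounts,
        [datetime] $AsOf
    )
    $invariant = [cultureinfo]::InvariantCulture
    foreach ($row in ($Csv | ConvertFrom-Csv)) {
        $requester = $row.'Requester Name'
        $expires   = [datetime]::Parse($row.'Certificate Expiration Date', $invariant)

        # -contains is case-insensitive, matching how Windows treats account names.
        if ($Accounts -contains $requester) { continue }   # owner still exists
        if ($expires -le $AsOf)             { continue }   # already expired, nothing to revoke

        [pscustomobject]@{
            Requester = $requester
            Serial    = $row.'Serial Number'
            Expires   = $expires
            # Reason 5 = cessation of operation. Emitted as text for review, not executed.
            Revoke    = "certutil -revoke $($row.'Serial Number') 5"
        }
    }
}

Get-OrphanedCertificate -Csv $caExportCsv -Accounts $existingAccounts -AsOf $asOf |
    Format-Table -AutoSize
```

With the sample data, the two certificates requested by CONTOSO\bob are reported; alice still has an account and carol's certificate has already expired.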





All Rights Reserved, Copyright 2009, TechTarget | Read our Privacy Policy