Configuring Security

Set Per-User Security Options

Individual users can be enrolled in Advanced Security through Active Directory. Enrollment through Active Directory is similar to enrolling users through Key Manager in System Manager, except that the command only applies to the selected user.

In addition, administrators can use Active Directory to recover and revoke keys. This is also done on a per-user basis, in much the same way as the equivalent task in System Manager.

One advantage of Active Directory is the additional detail that is displayed for each enrolled user. You can look up an individual's security status (such as "Enabled," "Disabled," "Token Issued," or "In Recovery"), their Key Management server, and the dates their certificates were activated and when they will expire.

To enroll individuals in Advanced Security, recover a user's keys, or revoke a user's certificates through Active Directory:

  1. Start Active Directory Users and Computers.
    On the Start menu, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
  2. In the console tree, click Users.
  3. In the details pane, right-click the user, and then click Properties.
  4. On the Exchange Features tab, in the Features column, click E-mail Security, and then click Properties.
  5. In the Key Management Service Login dialog box, type your password, and then click OK. The default password is password.

    Note   You will have to re-type your password each time you try to perform a Key Management task in Active Directory.

  6. In the user's E-mail Security dialog box, perform one of the following tasks:

Related Topics

  Enroll Users
  Recover Keys
  Revoke Certificates