Configuring Security

Revoke Certificates

To disable Advanced Security for a specific user, revoke the user's certificate. For example, remove the user from KMS when the user leaves a group that required Advanced Security, or if you suspect that the user's keys have been compromised.

To revoke certificates:

  1. Start System Manager:
    On the Start menu, point to Programs, point to Microsoft Exchange, and then click System Manager.
  2. In the console tree, click Advanced Security.
  3. In the details pane, right-click Key Manager, point to All Tasks, and then click Revoke Certificates.
  4. In the Key Management Service Login dialog box, type your password, and then click OK. The default password is "password".

    Note   You will have to re-type your password each time you try to perform a task or click a tab in the Key Manager Properties dialog box.

  5. In Revoke Users, select the user whose certificate you want to revoke. You can revoke only one certificate at a time.
  6. To move the person into the Selected users column, click Add.

    Note   If you make a mistake, such as selecting the wrong person, click Remove to return the user to the Available users column.

  7. To revoke the user's certificate, click Revoke. Certificate Services will add the certificate to the certificate revocation list (CRL).

A revoked user will be able to enroll in Advanced Security again with a new certificate. The user's old certificate will remain on the CRL.

Important   The Key Management server must have manage permissions on the Certificate Services server that issued the certificate you want to revoke.

Related Topics

Set Per-User Security Options