To disable Advanced Security for a specific user, revoke the user's certificate. For example, when a user leaves a group that required Advanced Security, or if you feel that a user's keys have been compromised, remove the user from KMS.
To revoke certificates:
Note You will have to re-type your password each time you try to perform a task or click a tab in the Key Manager Properties dialog box.
Note If you make a mistake, such as selecting the wrong person, click Remove to return the user to the Available users column.
A revoked user will be able to enroll in Advanced Security again with a new certificate. The user's old certificate will remain on the CRL.
Important The Key Management server must have manage permissions on the Certificate Services server that issued the certificate you want to revoke.
Related TopicsSet Per-User Security Options