-
标题
Does Migration Manager for Active Directory migrate Internet Explorer Certificates? -
说明
During the resource updating process, does Quest Migration Manager (QMM) for Active Directory migrate Internet Explorer certificates so that target users can use them?
-
解决办法
During the resource processing of workstations within Quest Migration Manager, Internet Explorer certificates are not modified. Therefore, the target user accounts will not be able to use these certificates. They can be manually exported by the source account and imported by the target account as a workaround.
These certificates arekept in Windows Protected Storage and anything that is storedthere (such as information for Auto complete option in IE, Outlook Express passwords, pop3 passwords, etc.) is encrypted and can only be accessed by the Original User. This information is not available when newtarget Users start using the old profiles becauseit is encrypted with the original objects SID stored underHKEY_CURRENT_USER\Software\Microsoft\Protected Storage System Provider.
Refer to Microsofts Article - Windows 2000 Services for more information on Protected Storage:
http://www.microsoft.com/windows2000/techinfo/howitworks/management/w2kservices.asp
Protected Storage- provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services processes or users. (Protected Storage) P-Store is a set of software libraries that allows applications to fetch and retrieve security and other information from a personal storage location, hiding the implementation and details of the storage itself.The storage location provided by this service is secure and protected from modification. P-Store uses the Hash-Based Message Authentication Code (HMAC) and the SHA1 cryptographic hash function to encrypt the users master key. This component requires no configuration. Disabling it will make information protected with this service (for example, private keys) inaccessible to you. P-Store is an earlier service that has been supplanted by the Data Protection API (DPAPI), which is currently the preferred service for protected storage. Unlike DPAPI, the interface to P-Store is not publicly exposed. -
其他信息
Please also see the following additional articles:
Why arent my passwords for dialup access available after a resource updating?
https://support.quest.com/SUPPORT/index?page=solution&id=SOL18932Internet Explorer Auto Complete History is lost after a User Switch (migration)
https://support.quest.com/SUPPORT/index?page=solution&id=SOL14497