Advanced Security Configuration
You administer advanced security for users by configuring the property pages in the CA object. You also administer advanced security for a site by configuring the property pages in the Site Encryption Configuration object. The property pages for configuring advanced security can be used to:
- View the name of the Microsoft Certificate Server computer.
- Assign permissions on the KM server for Windows NT user accounts.
- Add and remove KM server administrators, and change KM server administrator passwords.
- Set multiple password policies to recover and revoke user security keys and import or untrust another certification authority's certificate. Untrusting a certificate removes the trust placed in the certificate when it was imported.
- Enroll users in advanced security individually or in bulk.
- Issue certificates that are compatible with your environment.
- Import or untrust certificates from outside your organization that contain information necessary for digital signatures and encryption.
- View certificate trust list names, issuers, and expiration dates of outside organizations or certification authorities (CAs) that are currently certified on your Microsoft Exchange Server computer.
Getting to the CA property pages
- In the Administrator window, choose Configuration in the site where the KM server is located.
- Double-click CA.
- In the Key Management Server Passwords box, type the advanced security administrator password, and then choose OK (if prompted). If this is the first time you are using KM server, the KM server password is password.