| File Services |
Please note that the following information is primarily intended for technical support staff and advanced users. Editing the system registry can have catastrophic consequences if done incorrectly. If you are having difficulty using your wireless after having your computer migrated to the domain, please contact the IT Help Desk at 231-8685 (option 1).
ISSUE:
After a laptop has been joined to the AD, any account that was migrated can no longer access the NDSU secure wireless. This does not affect new accounts created on the laptop after joined to the AD that were not migrated.
SOLUTION:
Remove the customer's PROTECTED ROOTS key in the registry to allow them to re-install their wireless certificate. To do this, we will first take ownership (control) of the key and then delete it. Please note: This must be done INSIDE the customer's profile, using the CUSTOMERS credentials for ALL UAC requests
1) Open the Registry Editor by clicking on Start and then Run - type Regedit
2) Browse to the following key - HKEY_USERS\
There should be two long keys that look identical except one has "_Classes" at the end. If you have more than two - please see additional notes before continuing. For this example, the key we will be using is named S-1-5-21-12345678-12345678-12345678
3) Open HKEY_USERS\S-1-5-21-12345678-12345678-12345678\Software\Microsoft\SystemCertificates\Root
4) Highlight ProtectedRoots
5) From the file menu at the top click on Edit and then Permissions *click OK on any error messages you may receive
6) In the new window, click on advanced and then OK. Now click on the Owner tab at the top.
7) Highlight your user name in the list then click Apply and OK
8) From the Permissions for "ProtectedRoots" click Add and then select Location
9) Now select the computer name at the top (Probably starts with SU) and then click OK -> Advanced -> Find Now
10) Double-click Administrators and then click OK and then Apply
11) Delete the ProtectedRoots key
12) Restart the computer
13) Reinstall the NDSU Secure Wireless available at https://secure.ndus.nodak.edu/services/enroll.cgi
If there are more than two long keys
To find which key is your key, open the following location:
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\ProfileList
Systematically highlight each subkey
Look for the value in the string ProfleImagePath of each subkey. When you find the one related to the cstomers name, make note of the subkey name on the left, this is their subkey name.
