I want to remove encryption abilities within my domain.
I understand I have to delete the default recovery agent certificate on the Domain Controller.
Are there any other steps I need to take.
I heard i need to set up an empty policy to ensure lower level policies dont take precedence...does any one have more detail on this?
Also how do I change the CRL location?