p_tippett
asked on
Removing Certificate Services
We currently have 2 Windows 2000 Domain controllers and a member server which runs Certificate Services (Enterprise Root CA).
The certificate server is old and will be decommissioned. We will eventually put a new server in place and use that for issuing certificates. The only reason I think this Certificate server exists currently is for EFS, and there doesn't seem to be many users, if any at all who actually encrypt files. My question is can I safely uninstall Certificate services from this server.
I realise we wouldn't have a valid recovery agent but that wouldn't be an issue if there aren't any users encrypting files. The thing is both our Domain controllers have acquired a certificate from the certificate server and what I want to know is will uninstalling certificate services bring any detremental effects on the Domain controllers. What process / procedure do I need to follow to uninstall certificate services?
I cannot find anything in Group policy to suggest certificates are being used except as a recovery agent.
The certificate server is old and will be decommissioned. We will eventually put a new server in place and use that for issuing certificates. The only reason I think this Certificate server exists currently is for EFS, and there doesn't seem to be many users, if any at all who actually encrypt files. My question is can I safely uninstall Certificate services from this server.
I realise we wouldn't have a valid recovery agent but that wouldn't be an issue if there aren't any users encrypting files. The thing is both our Domain controllers have acquired a certificate from the certificate server and what I want to know is will uninstalling certificate services bring any detremental effects on the Domain controllers. What process / procedure do I need to follow to uninstall certificate services?
I cannot find anything in Group policy to suggest certificates are being used except as a recovery agent.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
My theory is if I revoke the certificates and remove the EFS agent in the GPO then stop the service and then monitor I believe if there is no Cert server the DC's cannot obtain a certificate - does that sound reasonable? Then I should be in a position to remove Cert services. Presumably I wouldn't have any problems then installing Cert services on a different server in a few months???