Why do my installed SSL Client Certificates show up when I log into a profile locally but they do not when I log into the profile remotely through terminal services?

Here's the scoop: I just installed SSL Client Certificates for a profile on my server. When I log into the profile locally, the certificates show up. When I login remotely through terminal services, they don't.

To give some background, I have police laptops that remote into a server with locked down profiles using 3G air cards plugged into toughbooks. Once logged into the server, they access their database and are able to surf to a list of whitelisted websites in IE6.

One particular website uses SSL security certificates to verify client identities. When I go to this particular website, using the same profile, the certificates work fine when logged in locally but don't show up when logged in remotely.

Any guidance on what security settings are causing this and how to fix this?
malatexAsked:
Who is Participating?
 
Hypercat (Deb)Connect With a Mentor Commented:
If they log on to the TS using domain accounts, as opposed to local accounts on the TS, you need to check in the users' properties in Active Directory to see if they have roaming profiles set up.  If they're logging on locally with accounts that are created locally on the TS, then check out their local accounts to see if their profiles are using a different path than the local default (i.e., C:\Documents and Settings, etc.) path.  
0
 
Hypercat (Deb)Commented:
When you say "when logged on locally," do you mean logging on to the terminal server directly using the user's name and password?  How do you have the profiles set up for TS users, using roaming profiles or just local profiles on the TS?
0
 
malatexAuthor Commented:
I'm almost positive they are just local profiles on the TS. Since we aren't running a VPN I'm not sure that roaming profiles would even work. I apologize for my ignorance as I'm a tech doing admin work that is kinda' outside of my current skill set.
0
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
malatexAuthor Commented:
Oops... I should add that yes, when I say "logged on locally" I mean physically sitting down at the server and logging on.
0
 
malatexAuthor Commented:
The setup is actually using a workgroup as opposed to a domain, as lame as that is. Interestingly enough, while reading your post it occured to me what happened. I forgot that the Police Department is running a terminal server and a separate file server and the user installed the licenses on the file server. I had her remote into the TS using the same login and install a test certificate and it worked fine. Since we have the profiles locked down hardcore, I had to find a way to temporarily disable the group policy settings so I found a program that could do that: http://www.petri.co.il/killpol.htm
Worked like a charm once we found a backdoor to run the program from her flash drive. From there we were able to get the licenses to show and although there are a few quirks still, I seem to have figured out what was going wrong. Thanks a lot for the help and for inspiring a resolution.
0
 
malatexAuthor Commented:
I'm not sure what the proper protocol is for this since you didn't actually come up with the exact solution but I gave you partial ratings, A (Excellent) grade for your help.
0
 
Hypercat (Deb)Commented:
Hey - glad you found the resolution, and thanks for awarding the points!
0
All Courses

From novice to tech pro — start learning today.