Microsoft Credential Roaming

What is Microsoft Credential Roaming?
Microsoft Credential Roaming allows you to store certificates in Active Directory so that they roam with users. It also eliminates duplicate certificates, reducing certificate management overhead.

Credential Roaming:
  • Credential roaming allows user certificates and private keys to be stored in Active Directory.
  • When using credential roaming, the certificates and keys are downloaded when a user logs on, and if desired, the certificate and keys are removed when the user logs off.
  • The advantage of credential roaming is that the certificate and key will follow the user no matter which computer the user logs on to. Credential roaming is supported in Windows 7 and newer Windows operating systems.

How to enable credential roaming?

To enable credential roaming, use the following settings in a GPO under User Configuration\Policies\Windows Settings\Security Settings\Public Key Policies\Credential Roaming:

  • User Configuration - Policies - Windows Settings - Security Settings - Public Key Policies - Certificate Services - Credential Roaming Settings
  • Enable "Roam the user's Certificates and Keys"
  • Disable "Roam stored usernames and passwords"

Credential roaming is triggered during the following operations:

  • Logging on and logging off
  • Locking and unlocking the workstation
  • Updating the group policy cycle (or forcing an update by typing the gpupdate /force command)
  • Running the regular update cycle (eight hours by default) 
  • Using the command certutil -user -pulse
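
One way to confirm that the settings above took effect and that a trigger actually pushed data to Active Directory, as an added example that is not part of the original article. The registry value name (DIMSRoaming) and the three AD attribute names are assumptions not stated on this page, and the script assumes it runs as the affected domain user, who can read these attributes on their own account.

```powershell
# Added example: run as the affected domain user on a domain-joined machine.

# 1. Refresh user policy, then trigger roaming with the command from the page.
gpupdate /target:user /force | Out-Null
certutil -user -pulse | Out-Null

# 2. Read the applied policy from the user's policy hive.
#    Assumption: the GPO sets the DIMSRoaming value under this key.
$key    = 'HKCU:\Software\Policies\Microsoft\Cryptography\AutoEnrollment'
$policy = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

# 3. Look up the user's own AD object and count the roamed items.
#    Assumption: roamed data is held in these three user attributes.
$filter   = "(&(objectCategory=person)(sAMAccountName=$env:USERNAME))"
$searcher = [adsisearcher]$filter
$searcher.PropertiesToLoad.AddRange(
    [string[]]('mspkiaccountcredentials', 'mspkidpapimasterkeys', 'mspkiroamingtimestamp'))
$user = $searcher.FindOne()
if (-not $user) { throw "No AD user object found for $env:USERNAME" }

# 4. Summarise policy state and what is currently stored on the user object.
[pscustomobject]@{
    User              = $env:USERNAME
    PolicyDIMSRoaming = if ($policy) { $policy.DIMSRoaming } else { $null }
    RoamedCredentials = $user.Properties['mspkiaccountcredentials'].Count
    RoamedMasterKeys  = $user.Properties['mspkidpapimasterkeys'].Count
    HasRoamTimestamp  = $user.Properties['mspkiroamingtimestamp'].Count -gt 0
}
```

A policy value that is present with all counts at zero usually means the user has no certificates or keys to roam yet. Because these attributes hold users' private key material, read access to them on user objects is worth reviewing.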
