http://blogs.technet.com/mgoedtel/archive/tags/Security/default.aspxTags: Securityen-USCommunityServer 2.1 SP1 (Build: 61025.2)http://blogs.technet.com/mgoedtel/archive/2007/08/22/local-certificate-created-on-agent-managed-device.aspxWed, 22 Aug 2007 22:07:00 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:1804389mgoedtel0http://blogs.technet.com/mgoedtel/comments/1804389.aspxhttp://blogs.technet.com/mgoedtel/commentrss.aspx?PostID=1804389<P>So the other day I was presented with a question from my customer that I found interesting and did not have an immediate answer for.&nbsp; The question was,&nbsp;"why does Operations Manager 2007 create a certificate in the local store on an agent managed device?"&nbsp; I was curious myself since all agent managed devices were in the same Forest/Domain as the Management Group, and therefore Kerberos authentication is used.&nbsp; Hmm, let me research that further.</P> <P>Well I come to find out that the reason is the following as explained by the product group, "The certificates are generated for the Run As Execution feature.&nbsp; When the agent is installed, the certificate is automatically generated and sent to the RMS, where it is used to provide an additional layer of encryption over RunAs related secrets.&nbsp; This ensures the RunAs secrets can be securly transported from the RMS to the MS, and finally to the Agent."</P> <P>&nbsp;So there you have it.</P> <P mce_keep="true">&nbsp;</P><img src="http://blogs.technet.com/aggbug.aspx?PostID=1804389" width="1" height="1">Operations Manager 2007Security