MZ@ !L!This program cannot be run in DOS mode. $Rؕ3}3}3}H̴3}H̱3}Rich3}PEL!  h@g.rsrcph@@8Pxp.fghk0lHm`px 8IPyh(@XpDXbl0H ` x  -8P h  ( @ X p        0 H !` "x # $ % & 1 9 = @8 ~P h   ( @ X p                      (  8  H  X  h  x                    ( 8 H X h x           ( 8 H X h x           ( 8 H X h x           ( 8 H X h x           ( 8 H X h x"X#x$d%(%(d+ /59:&<?A|CEdGlIbKlQ xSV|X^Zx] ad i8msXxH{NP:<ȕtxhpPlLdl|PT|Z, Vd(ph|V *X  n (',R\:Z>8?6pAF@4GJ`8OOP4R(SpTxVVr`[@ceTfrlzDq|rJ tMUI!nPMS Shell DlgPs;Completing the Add Recovery Agent WizardPs(You have successfully completed the Add Recovery Agent wizard.Ps;The following users have been designated as recovery agents:PsPUSysListView32List1PsTo close this wizard, click Finish.PA@H=MS Shell DlgPSelect the users you want to designate as recovery agents. You may select the users directly from Active Directory if the certificates are published in the directory. Otherwise, you need certificate (.cer) files for the users you want to designate.P$&Recovery agents:P.KSysListView32List2P.FBrowse &Directory...P@FBrowse &Folders...@H=MS Shell DlgPs ,Welcome to the Add Recovery Agent WizardPs(!This wizard helps you designate selected users as recovery agents for files that have been encrypted by other users. Recovery agents can decrypt files using their certificates and public keys.PsOIn Group Policy Editor, you can specify the scope (domain or organizational unit) of a recovery agent.PsfTo continue, click Next.HH Enrollment Policy ConfigurationMS Shell DlgPEnroll user and computer certificates automaticallyP(x&Configuration Model:!P'x$P=&Renew expired certificates, update pending certificates, and remove revoked certificates$P[&Update certificates that use certificate templatesPr&Log expiry events and show expiry notifications when the percentage of remaining certificate lifetime isP$6P+ msctls_updown32P5%PAdditional &stores. Use "," to separate multiple stores. For example: "Store1, Store2, Store3"P`$P&Display user notifications for expiring certificates in user and machine MY storeHH GeneralMS Shell Dlg P A &Not Configured P * &Enabled P #+ &DisabledP/,Maximum &tombstone credentials lifetime in days:P @06P7@ msctls_updown32P[,Maximum nu&mber of roaming credentials per user:P l06P7l msctls_updown32P,Maximum &size (in bytes) of a roaming credential:P 06P6 msctls_updown32P &Roam stored user names and passwordsPAȀKEFS Template SelectionMS Shell DlgP=&Select a certificate template to use for automatic EFS certificate requests:P=`Pz2OKPz2CancelHHFiltersMS Shell DlgPCredential Roaming Filtering options$P Roam smart card certificates$P :Roam DPAPI keys that are not used by roamed private keys$P VRoam private keys that are not used by certificatesPA@@=MS Shell DlgPs&Welcome to the Automatic Certificate Request Setup WizardPs2This wizard helps you set up automatic certificate requests for computers.PsIUsing automatic certificate requests, an administrator can specify which types of certificate can be automatically requested by a computer.PswTo continue, click Next.@@Certificates snap-inMS Shell DlgPThis snap-in will always manage certificates for: P &My user account P! &Service account P. &Computer accountPA@@Certificates snap-inMS Shell DlgPSelect the service account on %1 that you want this snap-in to manage.P,&Service account:P7r̀ Find CertificatesMS Shell DlgP Fin&d in:!P%MP +Con&tains:PB)P >+&Look in Field:!PB=HP)2Fi&nd NowP;2Sto&pPM2Ne&w SearchP_/#SysAnimate32Animate1PSSysListView32List1PA@@GeneralMS Shell DlgP*Certificate type:P4PICertificate purpose: PS+ P&Certificate authorities:" PE"PP"@H=MS Shell DlgPA certificate template is a set of predefined properties for certificates issued to computers. Select a template from the following list.PC&ertificate templates:P"[&SysListView32List1PADH=MS Shell DlgPs+(Completing the Automatic Certificate Request Setup WizardPt6You have successfully completed the Automatic Certificate Request Setup wizard.PsM The certificate template you selected is listed below:PsVW+SysListView32List1PA@@ GeneralMS Shell DlgPP".$P* .All&ow users to select new root certification authorities (CAs) to trustP:P?Client computers can trust the following certificate stores: $PO&Third-Party Root Certification Authorities and Enterprise Root Certification Authorities Pe &Enterprise Root Certification AuthoritiesPzTo perform certificate-based authentication of users and computers, CAs must meet the following criteria: P| &Registered in Active Directory only $PRegistere&d in Active Directory and compliant with name constraints requirements for user principal names (UPNs)ȀjSet PasswordMS Shell DlgPU2OKPU2CancelPEnter a password to protect the certificate PFX file:/IPv/PgPassword:P+gConfirm password:0IPv(0PLȀ View OptionsMS Shell DlgP8=View modePOrganize view mode by:y $P! &Certificate purpose4y $P. 4&Logical certificate storesPFShow the following:'y$PS '&Physical certificate stores5y$P` 5&Archived certificates@m Private &KeysPP2OKP2Cancel@HPrecedenceMS Shell DlgPThe following list contains the policies that can apply to this item. The policy at the top of the list has precedence and is the only policy applied to the item.P/SysListView32@HGeneralMS Shell DlgP& P10Description:P>1:P Not default levelPI&Set as DefaultP1Status:PTo make this the default security level for all software, click Set as Default.P2PA@H GeneralMS Shell DlgP0P"Use rules to override the default security level.P)1&Path:P3PD:&Browse...P\2&Security level:!Pg@P3&Description:DP!PODate last modified:PX@H GeneralMS Shell DlgP' Use rules to override the default security level.P82&Browse...PI0File inf&ormation:DPT$P:1&Security level:!PC<P2&Description:DPPNDate last modified:PWP3P'Click Browse to select the file you want to hash. The file's attributes, such as its size and the date and time it was created, are automatically populated.@H GeneralMS Shell DlgP%User rules to override the default security level.P*0&Network zone:!P5IPI1&Security level:!PT<P&2Description:DP$PNDate last modified:PWP3P%4This rule applies to software installed by the Windows Installer.PA@HGeneralMS Shell DlgP0P)( Use rules to override the default security level. Click Browse to select a certificate, and then select a security level.P3Certificate subject name:P=:P=2&Browse...PW1To view details about the selected certificate, click Details.PW2D&etails...PnF2&Security level:!POn]BP3&Description:DP&@4@5Note: Certificate rules will negatively impact the performance of your machine.PNDate last modified:PW@HGeneralMS Shell DlgP0The following file types define what is considered to be executable code. They are in addition to the standard program file types, such as EXE, DLL, and VBS.P.D1D&esignated file types:YP9^SysListView32List1P2&RemovePTo add a file type, type its extension, and then click Add.P.&File extension:P;:P_2A&dd@H GeneralMS Shell DlgP0Apply software restriction policies to the following: P All &software files except libraries (such as DLLs) P! All s&oftware filesP/ 1Note: If the default level is Disallowed, applying software restriction policies to libraries requires you to set rules for all the libraries used by a program in order to use the program.PY2Apply software restriction policies to the following users: Pe All &users Ps All us&ers except local administratorsP6When applying software restriction policies: P 3E&nforce certificate rules P 4&Ignore certificate rules@7@5Note: Certificate rules will negatively impact the performance of your machine.HH ,GeneralMS Shell DlgP*File encryption using Encrypting File System (EFS): P  &Not defined P  All&ow P%  &Don't allowP4,5Elliptic Curve Cryptography P@ 1Allo&w PJ 2&Require PT 3Don'&t allowPi>+OptionsPu  &Encrypt the contents of the user's Documents folderP  Require a &smart card for EFSP  Create caching-capable &user key from smart cardP  Display key ba&ckup notifications when user key is created or changedPAHH,CacheMS Shell DlgPClear encryption key cache when:P &Cache timeout occursPCache &timeout: P*26PB* msctls_updown32PS+minutesP= User locks &workstationPL/To ensure that the cache is cleared, smart cards must be removed from the smart card readers.PAHH ,CertificatesMS Shell DlgP )E&FS template for automatic certificate requests:P#P2$&Browse...P#`'Self-signed certificates$P1 !Allo&w EFS to generate self-signed certificates when a certification authority is not availablePF  &Key size for RSA self-signed certificates:!PQPG"P` (&Key size for Elliptic Curve Cryptography self-signed certificates:!PkPG4HH Enrollment PolicyMS Shell DlgP x&Configuration Model:!P xP#FWindows clients will use the default configuration for Certificate Enrollment Policy. To enable advanced configuration of Certificate Enrollment Policy change the option to "Enabled" in the drop-down above.P#xCertificate &enrollment policy list P4ISysListView32P#xP2A&dd...PE2&Remove...P2&PropertiesP!Additional certificate enrollment policy configurationP Disable &user configured enrollment policy serversHH ^Trusted PublishersMS Shell DlgP ,_Specify Trusted Publisher (Authenticode) policy options.P ,h YDe&fine these policy settingsP @J_`Trusted publisher management $PR'ZAllow all administrators and &users to manage user's own Trusted Publishers $Pj'[Allow only all a&dministrators to manage Trusted Publishers $P'\Allow only &enterprise administrators to manage Trusted PublishersP J8aAdditional checks during signature verificationP ]Verify that the publisher certificate is not &revoked (recommended)P ^Verify that the &timestamp certificate is not revokedPAHH GeneralMS Shell DlgP_Specify Trusted Publisher (Authenticode) policy options.P YDe&fine these policy settingsP)Z`Trusted publisher management $P6ZAllow all administrators and &users to manage user's own Trusted Publishers $PR[Allow only all a&dministrators to manage Trusted Publishers $Pf\Allow only &enterprise administrators to manage Trusted PublishersP5aAdditional checks during signature verificationP ]Verify that the publisher certificate is not &revoked (recommended)P ^Verify that the &timestamp certificate is not revokedPAH H ^StoresMS Shell DlgP 9Specify rules for user trust of root certification authority (CA) certificates and peer trust certificates.P ,h mDe&fine these policy settingsP <JJPer user certificate stores$PMnAllow user trusted &root CAs to be used to validate certificates (recommended)$PfoAllow users to trust &peer trust certificates (recommended)Pfmp&Select Certificate Purposes...P J<Root certificate storesP#Root CAs the client computers can trust: P" q&Third-Party Root CAs and Enterprise Root CAs (recommended) P"a rOnly &Enterprise Root CAsP$For certificate-based authentication of users and computers the client computers must use CAs registered in the Active DirectoryP: sCAs must also be compliant with &User Principal Name constraints (not recommended)H H^Network RetrievalMS Shell DlgP HSpecify options for retrieving validation data on a network.P ,h De&fine these policy settingsP@; Automatically update certificates in the &Microsoft Root Certificate Program (recommended)P QJ=Default retrieval timeout settingsP^%Default &URL retrieval timeout (in seconds): Recommended setting: 15 P_,P8_ msctls_updown32Pu&Default &path validation cumulative retrieval timeout (in seconds): Recommended setting: 20 Pv,P8v msctls_updown32P Allow &issuer certificate (AIA) retrieval during path validation (recommended)P"Cross-certificates &download interval (in hours): Recommended setting: 168 P,P8 msctls_updown32H H ^RevocationMS Shell DlgP )Specify policy options for using CRLs and OCSP responders during revocation checking.P ,h De&fine these policy settings$PCAlways &prefer Certificate Revocation Lists (CRL) over Online Certificate Status Protocol (OCSP) responses (not recommended)P#] Prefer &CRL over OCSP responses if number of cached OCSP responses corresponding to the same CRL distribution point is greater than: Recommended setting: 50 Ps,P8s msctls_updown32 PAllow CRL and OCSP &responses to be valid longer than their lifetime (not recommended)P# Time the vali&dity period can be extended (in hours): P,P8 msctls_updown32H H^PrecedenceMS Shell DlgP@The following lists contain the policies that can be configured in the Certificate Path Validation and where they are configured.P&@The left panel lists all the policies. For each policy in the left panel, its precedences (where it is configured and which configuration actually applies) are shown in the right panel. The precedence at the top of the right panel list is in effect.PJ&Policies:7PWSysTreeView32PK,Precedences:PWSysListView32Ȁ Select Certificate PurposesMS Shell DlgPSelect the types of certificates that users can trust.P$Choose purposes or enter object identifiers (OIDs)B1P3PG'&Add P\KP'&DeleteP2OKP2Cancel ȀKSelect ComputerMS Shell DlgP=Select the computer you want this snap-in to manage.P=LThis snap-in will always manage: P") &Local computer: (the computer this console is running on) P3S &Another computer:Pf2 P15B&rowse...$PG(Allo&w the selected computer to be changed when launching from the command line. This only applies if you save the console.@H=MS Shell DlgPs ,Welcome to the Add Recovery Agent WizardPs(!This wizard helps you designate selected users as recovery agents for BitLocker encrypted volumes. Recovery agents can decrypt volumes using their certificates and public keys.PsOIn Group Policy Editor, you can specify the scope (domain or organizational unit) of a recovery agent.PsfTo continue, click Next.@H=MS Shell DlgPSelect the users you want to designate as recovery agents. You may select the users directly from Active Directory if the certificates are published in the directory. Otherwise, you need certificate (.cer) files for the users you want to designate.P$&Recovery agents:P.KSysListView32List2P.FBrowse &Directory...P@FBrowse &Folders...@H>MS Shell DlgPs;Completing the Add Recovery Agent WizardPs(You have successfully completed the Add Recovery Agent wizard.Ps;The following users have been designated as recovery agents:PsPHSysListView32List1PsBefore this recovery policy can take effect the Configure BitLocker identification field in Group Policy must be enabled with a unique identifier.@H=MS Shell DlgPs ,Welcome to the Add Network Unlock Certificate WizardPs(!This wizard helps you designate a selected certificate for computers to use to create network protectors for BitLocker encrypted volumes. A network key protector protects a volume using a certificate s public key.PsOIn Group Policy Editor, you can specify the scope (domain or organizational unit) of a network unlock certificate.PsfTo continue, click Next.@H=MS Shell DlgPSelect the certificate you want to use as network unlock certificate. You may select the certificate directly from Active Directory if it is published in the directory. Otherwise, you need certificate (.cer) files for the certificate you want to use.P$&Network unlock certificate:P.KSysListView32List2P.FBrowse &Directory...P@FBrowse &Folders...@H>MS Shell DlgPs;Completing the Add Network Unlock Certificate WizardPs(You have successfully completed the Add Network Unlock Certificate wizard.Ps;The following certificate has been designated as your network unlock certificate:PsPHSysListView32List1PA@H=MS Shell DlgPs ,Welcome to the Add Recovery Agent WizardPs(!This wizard helps you designate selected users as recovery agents for Data Protection. Recovery agents can decrypt data using their certificates and private keys.PsOIn Group Policy Editor, you can specify the scope (domain or organizational unit) of a recovery agent.PsfTo continue, click Next.@H=MS Shell DlgPSelect the certificate you want to use as recovery agent certificate. You may select the certificate directly from Active Directory if it is published in the directory. Otherwise, you need certificate (.cer) files for the certificate you want to use.P$&Recovery agent certificate:P.KSysListView32List2P.FBrowse &Directory...P@FBrowse &Folders...@H>MS Shell DlgPs;Completing the Add Recovery Agent WizardPs(You have successfully completed the Add Recovery Agent wizard.Ps;The following certificate has been designated as your data recovery agent certificate:PsPHSysListView32List1PAUsersAdd Recovery Agent Wizard!Certificate Files (*.cer)|*.cer||+%1 does not contain a valid certificate. %2Invalid Certificate file. USER_UNKNOWN Certificates'Certificate display name not available.Software Restriction PoliciesPACertificates 1.0 Object&Manage Private Keys...OView or change the access security settings for the certificate's private keys.Microsoft Corporation Issued ByPACertificates (%1)#Certificates - Service (%1) on (%2)6The certificate cannot be pasted into the %1 store. %2Certificates (Local Computer)-Certificate Services Client - Auto-EnrollmentLogical Store NameWith Software Restriction Policies, you can define a default security level and rules (exceptions to that default security level) that specify what software is allowed to run on a computer. Software restriction policies are enforced when a user or process attempts to run software.Public Key PoliciesSecurity LevelsAdditional RulesName DescriptionTypeSecurity LevelLast Modified Date Request... New Path Rule"Re&new Certificate with New Key...PA?Renew a certificate that is close to expiration. Use a new key."Renew Certificate with Same Key...^Renew a certificate that is close to expiration. Use the same key as the selected certificate.!Request Certificate with Same KeyRenew Certificate with Same Key &Import...Add a certificate to a store &Export...Export a certificate Automatic Certificate Request...aCreate a new Automatic Certificate Request object and add it to the Security Configuration EditorSAFER Windows 1.0 ObjectSoftware Restriction Policies;The path cannot contain any of the following characters: %1Set as defaultMakes this level the default. New Hash Rule CertificatesNew Certificate Rule Issued ToExpiration Date&OpenView a certificateFi&nd Certificates...%Search for a certificate in the store Policy NameSetting&Request New Certificate...LRequest a new certificate from a certification authority (CA) in your domainEnabledDisabledEffective DateCertificates - Current User:Windows could not set %1 as the default security level. %2[not available] Friendly NameIntended PurposesNew &Path Rule...Adds a new path rule. Certificates Issued To Issued ByPANew H&ash Rule...Key Container NameReferenced by Certificate|The Certificates snap-in allows you to browse the contents of the certificate stores for yourself, a service, or a computer. Next Update Issued To Issued ByAdds a new certificate rule.New &Network Zone Rule...Adds a new network zone rule.All certificate storesNew &Certificate Rule...Find Certificate$This will clear your current search. Searching...1 Certificate FoundNo Certificates Found%1!d! Certificates FoundMD5 Hash SHA1 HashStore Found In!Adds a new application hash rule.Export Store...Export a certificate storeKey AlgorithmsExport a certificate trust listView a certificate trust list<All><None> Object TypePhysical Store NameCertificates - Current User Certificates Provider NameEnterprise TrustEditEdit the Certificate Trust ListCertificate Trust ListHCreate a new Certificate Trust List and add it to this certificate storeThe %1 certificate store already contains the following certificate: Friendly name: %2 Issued to: %3 Would you like to replace the existing certificate?kCertificate store already contains the selected certificate trust list. Delete the duplicate before adding.pCertificate store already contains the selected certificate revocation list. Delete the duplicate before adding.$Re&quest Certificate with New Key...SRequest a new certificate, but do not use the same key as the selected certificate.Deleting system root certificates might prevent some Windows components from working properly. The list of system critical root certificates can be reviewed at http://support.microsoft.com/?id=293781. If Update Root Certificates is installed, any deleted third-party root certificates will be restored automatically, but the system root certificates will not. Do you want to delete the selected certificate(s)?Certificates that are issued by this CA or any lower level CA will no longer be trusted. Do you wish to delete this certificate?kYou will not be able to read encrypted data using this certificate. Do you want to delete this certificate?PAyCertificates that verify to a certificate listed in this CTL may no longer be verifiable. Do you wish to delete this CTL?Removing this CRL may prevent Windows from performing revocation checking on certificates issued by this Certificate Authority. Do you still wish to delete this CRL?9Select a service account to manage on the local computer.0The selected certificate has no private key. %1The certificate you are about to copy refers to a private key. The private key will not be copied with the certificate. Are you sure you want to copy the certificate?Copy a Certificate&Trusted Root Certification AuthoritiesEncrypting File System&Add Data Recovery Agent...HAdd an existing certificate to the Group Policy as a data recovery agent&Create Data Recovery AgentGEnroll a new certificate into the Group Policy as a data recovery agent&Automatic Certificate Request Settings&Data Recovery Agent...*Automatic Certificate Request Setup WizardNameIntended PurposesAdd Recovery AgentThe selected user has no certificates suitable for Encrypting File System Recovery and cannot be added as a recovery agent. Select another user. Serial NumberPASelect a certificate template.Automatic Certificate RequestCAre you sure you want to delete this Automatic Certificate Request?DThe certificate is not suitable for Encrypting File System recovery.Should the public and private key pair, and the certificate be exported to a password protected PFX file and the private key deleted?$Create Automatic Certificate RequestPThe passwords you typed do not match. Type the new password in both text boxes. Set PasswordZIf you press "Cancel", the certificate will not be exported to a PFX file. Cancel anyway?1Unable to retrieve selected certificate template.Certification AuthoritiesGUnable to read enhanced key usage from Auto Certificate Request object.YCannot read certificate template information from a Automatic Certificate Request object.YEdit the Auto Certificate Request Object by launching the Auto Certificate Request Wizard"View a certificate revocation list$Export a certificate revocation listVerdana8Register Certificates snap-inGYou do not have sufficient rights to register the Certificates snap-in.Certificate Template]The next time a computer logs on, a certificate based on the template you select is provided.Select Recovery AgentsUOnly users who have recovery agent certificates can be designated as recovery agents.'Unable to open %1 certificate store. %2EUnable to open %1 certificate store. The user could not be added. %27Personal Information Exchange - PKCS #7 (*.pfx)|*.pfx||The certificates you are about to copy refer to private keys. The private keys will not be copied with the certificates. Are you sure you want to copy the certificates?Deleting system root certificates might prevent some Windows components from working properly. The list of system critical root certificates can be reviewed at http://support.microsoft.com/?id=293781. If Update Root Certificates is installed, any deleted third-party root certificates will be restored automatically, but the system root certificates will not. Do you want to delete the selected certificate(s)?Certificates that are issued by this CA or any lower level CA will no longer be trusted. Do you wish to delete these certificates?rYou will not be able to decrypt data encrypted using these certificates. Do you wish to delete these certificates?PA-Permanently delete the selected certificates?Deleting these certificates may invalidate CAs or remove your ability to decrypt data. Do you wish to delete these certificates?Public Key Policies &Options...3View or change Certificates snap-in display options Unable to save changes to %1. %2Status`Are you sure you want to delete the Encrypting File System policy from this Group Policy object?"%1 store contains no certificates. %1 store contains 1 certificate.%%1 store contains %2!d! certificates.%No certificates are available for %1.$One certificate is available for %1.%%1 certificates are available for %2.Status%The help file %1 could not be opened.4%1 store contains no automatic certificate requests.4%1 store contains one automatic certificate request.7%1 store contains %2!d! automatic certificate requests.%1 store contains no CTLs.%1 store contains one CTL.%1 store contains %2!d! CTLs.$The certificate cannot be validated."File type is unknown. Cannot open.There are no private keys.There is one private key.PAThere are %1!d! private keys.The Public Key Policies extension allows you to specify root certificates and set up certificate trust lists, automatic certificate requests and recovery agents.,Permanently delete the selected certificate?-Permanently delete the selected certificates? CertificatesCertificate Revocation ListCertificate Trust List$Request Certificate with Same Key...HRequest a new certificate using the same key as the selected certificateCertificates - File`The %1 certificate store could not be opened. Shut down the Certificates snap-in and try again. &Connect to another computer ...+Manage certificates on a different computer-Certificates - Service (%1) on Local ComputerYou do not have permissions to manage the certificate stores on the remote computer. Either contact the administrator of the remote computer to grant you additional permissions, or connect to the remote computer with a different user account.3The certificate stores could not be enumerated. %11The certificate could not be deleted from %1. %2 Trusted sitesInternetRestricted sitesLocal computerLocal intranetUnknown internet zonePAPathHash Network Zone CertificateTrusted PublishersDesignated File TypesAll Files (*.*)|*.*||=This zone contains Web sites that are on your local computer.JThis zone contains all Web sites that are on your organization's intranet.PThis zone contains Web sites that you trust not to damage your computer or data.CThis zone contains all Web sites you haven't placed in other zones.QThis zone contains Web sites that could potentially damage your computer or data.You must enter a path.%Windows could not delete the rule. %1%Permanently delete the selected rule?(Permanently delete the selected entries?)Windows could not create a hash of %1. %2'You must select an application to hash.Windows cannot open %1. %2*Windows cannot get the file size of %1. %2The rule could not be saved. %1 Extension File TypeIf you delete this file type, programs of this type will run with unrestricted privileges. Are you sure you want to delete this file type?If you delete these file types, programs of these types will run with unrestricted privileges. Are you sure you want to delete these file types?!%1 is already a listed file type.bytesKBPADefault security levelThe default level you selected is more restrictive than the current default security level. Changing to this default security level may cause some programs to stop working. Do you want to continue?Select a file or folder:7The selected file does not contain a valid certificate.Certificate Files (*.cer, *.crt)|*.cer;*.crt|Signed Files (*.vbs, *.js, *.exe, *.cab, *.cat, *.msi, *.dll, *.ocx)|*.vbs;*.js;*.exe;*.cab;*.cat;*.msi;*.dll;*.ocx|All Files (*.*)|*.*|| Hash RuleNew Network Zone RuleNetwork Zone Rule Path Rule Certificate RuleCertificate Rule Note: Certificate rules will not be enforced until enforcement is enabled. Certificate rules enforcement can be enabled on Enforcement properties page.2Auto&matically Enroll and Retrieve Certificates...9Updates all eligible certificates as a background process0The autoenrollment event could not be opened. %1?The restricted level cannot be made the default security level.File Private Keys Enforcement-This hash value is in an unrecognized format.Browse for File or Folder:Windows could not set the software restriction policy. %1,Close all property pages before deleting %1.You must provide a hash value.;Close all property pages before changing the default level.9Close all property pages before refreshing the container.ZThe file %1 has a length of zero bytes and cannot be hashed. Choose another file to hash.Certificate TemplatePAThe certificate cannot be renewed because you chose to generate a new key and your smart card is full. Would you like to reuse your private key for this certificate?/Software Restriction Policies is not supported.:The Encrypting File System value could not be changed. %1;Click "Stop" to stop the search before closing this dialog."New &Software Restriction PoliciesCCreates software restriction policies for this Group Policy object.(No Software Restriction Policies DefinedSoftware restriction policies are not defined in this Group Policy object. If you define software restriction policies in this Group Policy object, they will override inherited policy settings from other Group Policy objects. To define software restriction policies, in the Action menu, click New Software Restriction Policies. Note: After initially creating software restriction policies, a reboot is required before they will be enforced.(No designated file types were found. %1No certificate templates are available in Active Directory. At least one certificate template is required to create an automatic certificate request. To populate Active Directory with the available certificate templates, on the Start menu, click Run, type certtmpl.msc, and then click OK. If you do not have permissions to manage certificate templates, contact your system administrator.oCertificates in the %1 certificate store will not be displayed because Windows cannot gain access to the store.jCertificates cannot be copied to the %1 certificate store because Windows cannot gain access to the store.%&Delete Software Restriction PoliciesDDeletes software restriction policies from this Group Policy object.FWindows could not delete the software restriction policy settings. %1VThe operation could not be completed because the certificate has already been deleted.PA0Windows cannot create a data recovery agent. %1gClose all Software Restriction Policy property pages before deleting the Software Restriction Policies.MDelete all software restriction policies defined in this Group Policy object?EThe file extension cannot contain any of the following characters: %1FWindows cannot install this certificate as a recovery certificate. %1>Windows cannot install this certificate because it is expired.kWindows cannot determine if this certificate has been revoked. %1 Do you want to install this certificate?16384PA0Certificate Services Client - Credential RoamingNot configured&Advanced Operations!Advanced enrollment operations...&Enroll On Behalf Of...-Req&uest New Certificate with the Same Key...-Request This Certificate with the Same Key...,Ren&ew This Certificate with the Same Key...+Renew This Certificate with the Same Key...PA&Create Custom Request...Certificate rules are not enforced currently. Would you like to enable them? Note: Certificate rules will negatively impact the performance of your machine.FWindows could not create new software restriction policy settings. %1"The changes could not be saved. %1&Manage Enrollment Policies...5Add/Remove/Modify user configured enrollment policiesManage Enrollment Policies+Unable to open certificate and validate. %1fThe administrator of your domain has disabled add/remove/modify of user configured enrollment policiesSearch type not implementedzWindows cannot add this certificate as a Network Unlock certificate because it does not use a 2048-bit RSA encryption key. Full controlReadChanging RUP Exclusion ListWhen Credential Roaming is enabled, the folders in which the user's credentials are stored are automatically added to the Roaming User Profile (RUP) exclusion list. This prevents potential conflicts when both RUP and Credential Roaming are used together.When Credential Roaming is disabled, the folders in which the user's credentials are stored are automatically removed from the Roaming User Profile (RUP) exclusion list.;Certificate Services Client - Certificate Enrollment PolicyDefaultNameAutomatic EnrollmentDisabledEnabled'Error: Remove Default Enrollment PolicynThe default enrollment policy cannot be removed. Select another default before removing this enollment policy.!Confirm Enrollment Policy RemovalEThis will remove the "%s" enrollment policy. Do you want to continue?#Error: No Default Enrollment PolicyA default enrollment policy must be specified. Use the default checkbox control to select the desired default entry. You must select exactly one default.Invalid computer name.Select Computer!Unable to open Computer Selector.Enrollment policies cannot be viewed through Resultant Set Of Policy (RSOP). To view which enrollment policies are pushed down to the client through group or local policy, please look at HKCU (or HKLM)\Software\Policies\Microsoft\Cryptography\PolicyServers registry on the client.Trusted PeopleTrusted PublishersUntrusted CertificatesCA Certificates$Certificate Path Validation SettingsPACertificate Path Validation(not recommended)OSelect a purpose from the drop-down list or enter an OID in the form of 1.2.3.4-The value entered is out of range: %lu - %lu.StoresCertificate purposesTrusted PublishersNetwork RetrievalAuto update MRCP certificatesURL retrieval timeout!Path validation retrieval timeoutIssuer certificate retrievalCross-cert download interval RevocationCRL/OCSP preferenceExtending response lifetimes SmartCardBitLocker Drive EncryptionHThe certificate is not suitable for BitLocker Drive Encryption recovery.:No BitLocker Drive Encryption Data Recovery Agents DefinedThis group policy has no BitLocker Drive Encryption Data Recovery Agents defined directly on it. To define Data Recovery Agents you can click on the BitLocker Drive Encryption node and select Add Data Recovery Agent from the All Tasks menu.No BitLocker Drive Encryption Data Recovery Agents have been defined in any group or local policy that was evaluated to produce this resultant set of policy.PA5BitLocker Drive Encryption Network Unlock CertificateNThe certificate is not suitable for BitLocker Drive Encryption Network Unlock.@No BitLocker Drive Encryption Network Unlock Certificate DefinedThis group policy has no BitLocker Drive Encryption Network Unlock Certificate defined directly on it. To assign a Network Unlock Certificate you can click on the BitLocker Network Unlock Certificate node and select Add Network Unlock Certificate from the All Tasks menu.No BitLocker Drive Encryption Network Unlock Certificate has been defined in any group or local policy that was evaluated to produce this resultant set of policy."&Add Network Unlock Certificate...!Select Network Unlock Certificate-Only network unlock certificates can be used.OAdd an existing certificate to the Group Policy as a network unlock certificate&Network Unlock Certificate...%Add Network Unlock Certificate WizardLWindows cannot install this certificate as a network unlock certificate. %1Add Network Unlock CertificatekWindows cannot determine if this certificate has been revoked. %1 Do you want to install this certificate?>Windows cannot install this certificate because it is expired.4Cannot add more than one network unlock certificate.Add Data Protection Certificate9Cannot add more than one Data Recovery Agent certificate.PAVerdana12*No Encrypting File System Policies DefinedPAThis group policy has no Encrypting File System policies defined directly on it. To define a policy you can click on the Encrypting File System node and select Add Data Recovery Agent or Create Data Recovery Agent from the All Tasks menu.No Encrypting File System policies have been defined in any group or local policy that was evaluated to produce this resultant set of policy.This group policy has no Encrypting File System policies defined directly on it. To define a policy you can click on the Encrypting File System node and select Add Data Recovery Agent from the All Tasks menu.1024204840968192No valid templates were found., 256384521Windows cannot install this certificate as a recovery certificate. Current recovery policy does not allow this certificate type.#No Data Protection Policies DefinedPANo Data Protection policies have been defined in any group or local policy that was evaluated to produce this resultant set of policy.This group policy has no Data Protection policies defined directly on it. To define a policy you can click on the Data Protection node and select Add Data Recovery Agent from the All Tasks menu.This group policy has no Data Protection Recovery Agents defined directly on it. To define Data Recovery Agents you can click on the Data Protection node and select Add Data Recovery Agent from the All Tasks menu.Data ProtectionPA/Renew a certificate that is close to expirationExport a certificate using PFX5Permanently remove selected certificates from a store,View or modify the contents of a certificateView a certificate,The certificate could not be added to %1. %2You must choose a certificate.9The hash could not be read from this signed file: %1. %2PA4VS_VERSION_INFO@%@%?StringFileInfo040904B0LCompanyNameMicrosoft CorporationRFileDescriptionCertificates snap-inr)FileVersion6.3.9600.16384 (winblue_rtm.130821-1623)0InternalNameCERTMGR.LegalCopyright Microsoft Corporation. All rights reserved.HOriginalFilenameCertMgr.dll.muij%ProductNameMicrosoft Windows Operating SystemBProductVersion6.3.9600.16384DVarFileInfo$Translation PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD