We have an EFS template in place which is currently set to a minimum key size of 1024. If we want to increase this to 2048 what are the correct steps to do this and what is potential impact ? both for new certificate requests and certs which have already been issued ? It's a 2008 R2 domain but with majority windows XP clients.

Hi, You can do this by simply modifying CApolicy.inf and then performing a renewal with a new key pair. For details: How to change root certificate key's length and validity period http://social.technet.microsoft.com/forums/en-us/winserversecurity/thread/CE001D8F-C722-4429-83CB-328B92876292 Hope this helps! Best Regards Elytis Cheng TechNet Subscriber Support If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here. Elytis Cheng TechNet Community Support

Thanks Elytis. Are there any clients which changing from 1024 to 2048 would be a problem for ?

Hi, As far as I know, there is not. Best Regards Elytis ChengElytis Cheng TechNet Community Support

thanks Elytis.