Preventing users from viewing encrypted data on a specific machine - Security Center 5.8

Security Center Administrator Guide 5.8

series
Security Center 5.8
revised_modified
2020-08-17

If you no longer want people to use a specific client machine to access the data from an encrypted camera, you can remove the encryption certificate used to enable fusion stream encryption on that camera, from that machine.

What you should know

Access to data from encrypted cameras is controlled through the encryption certificates installed on the machine used to access the data, as opposed to through user privileges. Only follow this procedure if you are changing the configuration of a machine, not because an encryption certificate is compromised. If you think the distribution of an encryption certificate has been compromised, you can prevent it from ever being used again on your system.
IMPORTANT: If this client is the only machine that can access the encrypted camera, make sure you do not lose its encryption certificate (containing the private key). If you lose the certificate, you cannot recover the encrypted archives for that camera. If you have only one machine that can view the encrypted camera, follow the recommended best practices for managing private keys.

Procedure

  1. Log on to the client machine as a local administrator.
  2. Add the Certificates snap-in to your local computer account.
  3. Delete the certificates corresponding to the encrypted cameras that you no longer want people to view on this machine.
  4. If this client is the only one using this certificate, also remove the certificate from the Archiver.
    This prevents the Archiver from performing unnecessary encryption. For information on how to remove a certificate from the Archiver, see Preventing compromised certificates from being used in your system.

Results

The client will no longer be able to view new or archived data from the camera, so long as the camera remains encrypted.