Z powa¿aniemHi, I have a problem with Crypto API (DAPI) keys in following environment: Domain Controller SAMBA, workstations with Windows XP. Roaming profiles are enabled. On workstation is installed user certificate with private key. Private key is secured by Windows Crypto AP which encrypting private key by user main domain password. After change user domain password, SMB can't decrypt user's private key and this cause that users certificate doesn't work.... Is there any solution this problem? Currently i have to reinstall user certificate after every change user domain password... Regards, Barty