Changing key management on existing consumer policies.
I made a mistake in creating a bunch of consumer policies on the universal server, the mistake was with the setting the wrong key modes for these policies. I want to now change the users keys from Guarded key modes (GKM) to Server Key Modes(SKM). The main reason for this is so that the key password is always in sync with the AD credentials and the password is synced automatically VS manually.
What would be the impact of just going into the policy, un-checking the GKM key mode and checking the SKM mode? After applying such a change, would users key change transparently or would they need to be deleted and reenrolled?
The folders are encrypted to a group key so deleting the users key should not impact their access once the new key is created, I would hope. We also don’t allow users to create their own net shares to their own key so new keys would not be an issue there as well. Can anyone give me some tips on how to do this transparently if possible?