CSR to Cert Authority not including SAN info.
Hello,We have a Windows 2012 CA that we have enabled SAN certs on. This has always work up to a few weeks ago. Users would create a CSR and use the CA to generate the cert successfully but they would...
View ArticleWhere do the Domain Trusted Root Certification Authorities come from?
Hello,In my Trusted Root Certification Authorities list I have noticed that I have multiple listings for my Enterprise Root CA.1. Am I correct to assume that I should have only one listing?2. I have...
View ArticleCleanup after CA removal
HiI have just completed the process of decommissioning an Enterprise Issuing CA using kb889250. Step 9 talks about cleaning up the domain controllers by runningcertutil -dcinfo deletebad, however there...
View Articlemmc reguest machine certificate - wrong templates displayed
I have duplicated Computer template, so it has Autoenrollment availableTemplate is published & works on lots of machines (they do autoenrol)This template is also available on most machines if I...
View ArticleIEEE 802.1x MD5 XML Schema
Hello,we can set IEEE802.1x MsChapV2 settings as following code. BUT does anybody know how to set the MD5-challenge username and password?or do you know the IEEE 802.1x MD5 XML Schema.this question is...
View ArticleImplement EFS on shared folder on remote file server
Im' studiyng for the 70-640 certification and i was impement a simple scenario with a DC a CA on a member server and a client. I have installed and i started to create file to encrypt, but there is...
View ArticleWho saved that file!
one of my users saved an inappropriate JPG to a folder on my Windows server 2008 R2 File server and the HR manager has asked me to find out Who saved the file. does anyone know a way i can see who...
View ArticleAn issue with Windows Firewall Behavior
Hi Guys,Today was a hell , We had one of those issues which really Blowed my mind very well!We solved it kinda but the situation made me think of why the policies in windows firewall are set like this...
View ArticleFirewall Inbound Rules - Specific Users/Computers
Hello,I am trying to configure Inbound Rules in a specific way and it's not quite giving me exactly what I want/expected it to do.I have two inbound rules as follows:RDP - Andy Allow connection if...
View ArticleADCS migration query??
HiWe are preparing to migrate our enterprise PKI infrastructure from Microsoft Windows Server 2008 ADCS to Microsoft Windows Server 2012 ADCS. We have an stand-alone root certificate authority and...
View ArticleLocal Admin Rights - add / remove ?
Is there a way to add and remove local admin rights for users at logon / logoff in Server 2008? Workstations are XP sp3 and Windows 7 Sp1. We have users who move from computer to computer and they...
View ArticleDomain admin and Domain Users Rights Details
Hi,I want to know about domain admin and domain user details.1. Domain admin and domain user are holding wt rights ?2. If I want to create one more group with lesser rights of domain admin and domain...
View Articleremote desktop services user rights assignments
How can you get a report from either a windows client OS or windows Server OS on which users and groups have the relevant user rights assignment to access the server via remote desktop software? I know...
View Articledirectory ACL concerns
We have some sensitive documents on a windows 2008 R2 file server. They aren't held within a "shared" folder, and can only be accessed via the server itself, i.e. local console access or remote...
View ArticleLogon Events
We are implementing a Barracuda Web Filter in our network and for us to be able to get this to work right with Authenticated users the Barracuda looks at the DC Security log where it tracks Events 4624...
View ArticleBest practice to securely format a solid state hard drive.
Hey guys i am not sure this is in the right place or even belongs on this forum but here we go. I am going to be participating in a security project and the goal is to recover data from formatted...
View ArticleDistribution Point URL
The default value for the HTTP CDP is http://<ServerDNSName>/CertEnroll/<CaName><CRLNameSuffix><DeltaCRLAllowed>.crl Is there a way to use a variable to fill in the...
View ArticleWindows CA Template issue problem from Certsrv WEB page
I’m trying to generate an SSL cert for Vmware with a Microsoft 2008 R2 CA. We are only using a single Root CA.I have followed the instructions outlined in this article for setting up the Certificate...
View ArticleLimitation of row of 1023 characters in cipher suits order in MMC. How to solve?
In MMC there is an opportunity to set the cipher suits order, but there is a limitation of 1023 characters. It's not enough to write a half of all available cipher suits. How to solve this problem?
View ArticleEvent 4625 question.
So we are constantly being hit by logon attempts from all over the world (mostly China). I was blocking any newly discovered IP address. But I am not sure if I see any reduction in those attempts,...
View Article