Mimikatz hack tool dump pass from memory
Hi there,Is there some way to protect WinOS against this tool: http://blog.gentilkiwi.com/mimikatz (Sorry this is in french but the first print screen is relevant...)According to the author (no NTLM,...
View ArticleHow to avoid having users enroll for multiple certificates?
HiI am the domain administrator of my company. Recently one of my clients has re-installed his Windows and received a new certificate from CA, but the key pair of certificate is not same with previous...
View ArticlePKI - Windows XP and CNG
Although Windows XP will be retired soon I have a question. I've heard that Windows XP as client does not support CNG. As I understand CNG indicated as hash sign when you select the CSP, for example:...
View ArticleWindows Certificate Services: Redundancy options for Stand-Alone...
Hello,I have a standalone certificate server and it is working fine. I use its certificates for our intranet IIS application SSL certificates. This is all internal network and there is no public...
View ArticlePulling information from Security Log
Is there any tool I can use to parse the Security Event Log on a Windows 2003 server and collect just certain data?I have a server with a considerable number of 529 Failed Audit events. I would like to...
View ArticleWindows Stand-Alone Certification Authorities: What are the options to...
Hello,I have two Windows 2012 Stand-Alone Certification Authorities CA1.corp.int andCA2.corp.int. Note they have two different DNS names. CA1 serves more than 200 issued certificates. What are my...
View ArticleClik here to view.
ADFS server can't see certificate
Hi All,I have copied a certificate (web server) on my Enterprise Root CA and given an account full control on this certificate. I login with this (domain) account to my ADFS server, but when I try to...
View ArticlePassword Expiry versus Disabled
Hi ,May we know what is the risks of having accounts whose passwords are expired in Active Directory but the accounts remain enabled.?Can this situation still be exploited?Regards,Jhun
View ArticleClik here to view.
Folder Permissions Issue
Hi,I am getting some errors in folder permission. All are showing some red?marked on user names. But while accessing folders we are not getting any problem. How to resolve this issue.Attached screenshot.
View ArticleACTIVE DIRECTORY CERTIFICATE SERVICE
Team,I an trying to publish my CRL to a webserver and I did the ffg-- configured the CA--- installed ADCS correctly--created an IIS server and created a virtual directory called certdata--on the CA I...
View ArticleDoes changing your password effect any of your Microsoft Word apps?
My dad and I have two different Toshiba laptops with Windows 8, with the same Microsoft account. Recently, I changed my password on my PC, and then I noticed that my Microsoft Word, Powerpoint, Excel,...
View ArticleLDAP over SSL on Windows 2012R2 Server DCs - TLS 1.2 not working
Hi there,We've upgraded our DCs from 2008 R2 to 2012 R2.After moving the Enterprise CA from 2008 R2 to 2012 R2 domain controller (same IP, same hostname) according to this guide:...
View ArticleWindows server 2008 R2 Restore Option
Hi,Hi I have Domain Controller with windows server 2008 R2 operating system , also I have installed shrepoint 2013 and exchange server 2007 in same server , right now my server is not booting properly...
View ArticlePKI: Recommended design for (legacy or otherwise) device interoperability
Hi!Working on a new two-tier PKI design, I have come across an uncertainty which I cannot quite google an answer to.In the design, I wish to use CNG with SHA2 (SHA-256) and 4096-bit keys. The clients...
View ArticleCertificate Archiving
Hi,We have 2 tier CA architecture wherein we have one offline root CA and one Sub-ordinate issuing CA. The users in the organisation are using certificates for EFS. I have enabled key archiving for the...
View ArticleAccess is Denied error coming while renewing Issuing CA Certificate
I am having a three tier CA environment (Root, Subordinate and Issuing CA). I was to renew the subordinate and issuing CA certificates, as they were near to expiration date. I did the Subordinate...
View ArticleClik here to view.
PKI Enrollment Failed Request ASN1 Corrupted Data / ASN1 Unexpected end of data
I have just 1 user that is not able to enroll for a certificate. The Failed requests logs shows two different errors:ASN1 unexpected end of data 0x80093102 (ASN: 258)ASN1 corrupted data 0x80093103...
View ArticleNDES service account
Hello, I have a general question that I have been thinking about. Is it possible to use a Managed Service Account or Group Managed Service Account for the Network Device Enrollment Service? I have...
View ArticleEAP-TLS new user login
Hi!I´m having a logical misunderstanding about NPS, EAP-TLS and certificates. Maybe you can help me out with this.In my environment I have AD, NPS, CA and network devices. I´m using successfully Wifi...
View ArticleWhy is "Authenticated Users" in the local Users group by default?
This has been bugging me for as long as I can remember:By default, "Authenticated Users" is a member of the local Users group on all Windows Servers (2003/2008/2012).My colleagues, and I, agree that...
View Article