Best way to provent someone stealing password Hashes..?
Hey everyone,I am doing some research on finding the best way to prevent someone with access to our network getting Active Directory password Hashes. Specifically, are there any legacy group policy's...
View ArticleCertificate Validity Period Question
I work for a foster care organization and cant decide on how long we should have our Validity period last. These certificates will be used for digitally signing word docs. The problem im running into...
View ArticleClik here to view.
Folder Permissions Issue
Hi,I am getting some errors in folder permission. All are showing some red?marked on user names. But while accessing folders we are not getting any problem. How to resolve this issue.Attached screenshot.
View ArticleClik here to view.
ADFS server can't see certificate
Hi All,I have copied a certificate (web server) on my Enterprise Root CA and given an account full control on this certificate. I login with this (domain) account to my ADFS server, but when I try to...
View ArticleAccess is Denied error coming while renewing Issuing CA Certificate
I am having a three tier CA environment (Root, Subordinate and Issuing CA). I was to renew the subordinate and issuing CA certificates, as they were near to expiration date. I did the Subordinate...
View Article529 event ID in Security audit failure
Event Type: Failure Audit Event Source: Security Event Category: Logon/Logoff Event ID: 529 Date: 1/20/2014 Time: 8:20:50 AM User: NT AUTHORITY\SYSTEM Computer: Server1 Description: Logon Failure:...
View ArticleIPSec Certificate on Enterprise CA
Hello,I'm trying to setup a VPN with IPSec, but I'm having some issues with the certificate request. My CA server is a 2008 R2, the CA is root and enterprise, and I'm using the Cisco ASA to setup the...
View ArticleHow to do domain-join with IPSec?
How can new computers join the domain when the Domain controller requires IPsec?I could think of ways if the authentication method Pre-shared key was used or if a certificate was used but what if the...
View ArticleSecuring remote desktop login with 2-factor and 3:rd party radius server
We have a 3:rd party radius server that is used for vpn logins with tokens. I'd like to use this also for securing the login to Windows servers with 2-factor authenticaion, is it possible? Is there...
View ArticleSome User's certificates are not published in AD while most of them are
Hi,I've setup a CA which delivers Exchange Certificates to allow sign & crypt e-mails. Roaming Credentials have been setup on my domain (multiple user connections over multiple sites with distinct...
View ArticleKerberos delegation works, but only for 10 hours
Hi all - and please forgive in advance if this isn't the right forum for the question.I have an application service which watches for a file to be dropped and then calls a SQL stored procedure which...
View ArticlePKI -- Security certificate presented by this website was issued for a...
Working on setting up a server 2008r2 RDS server and when my users go to the rdweb website they get the Certificate error: Security certificate presented by this website was issued for a different...
View ArticleOCSP Responder Install Success - ADCS MMC from Server Manager Fail
I am using the following document on Server 2012r2.http://social.technet.microsoft.com/wiki/contents/articles/15037.ad-cs-step-by-step-guide-two-tier-pki-hierarchy-deployment.aspxI'm at the point of...
View ArticleSCServ.exe created automatically in program files
we have few windows 2008 r2 servers where SCServ.exe is getting created automatically in program files root folder and consuming high CPU . please let me know if this is microsoft owned one .
View ArticleIssues opening attachments
All of my users cannot open attachments receiving through outlook. The attachments are showing corrupted when try to open or save. I have windows server 2008 r2 serving as the domain server. I am not...
View ArticleCertutil and indirect CRL
Hello!I need to verify a certificate manually. CDP in this certificate points to indirect CRL. Hence, the issuer of CRL is not equal to the issuer of certificate.I try the command:certutil -verify...
View ArticleEnterprise subordinate Issuing CA Server 2003 will expired
Dear AllOur company has an CA Server ,Root-CA (Server 2003 platform ca-expired in 2019)Server was offline and we can not find the physical location.And the Issuing CA(Server 2003 Platform) which is...
View ArticleUAC Affects Local Account Access of Remote Shares
I came across an odd manifestation of UAC today. It's been a long time since I've had to set up CIFS shares using local accounts for authentication, having always had domain-joined computers, but...
View ArticleW2k8R2 - Enterprise CA - Need WildCard Certificate for Internal Use
Hi guys,A new client of mine has a "standalone" CA in their domain already...but I need a Wildcard Cert for some applications I'm installing in IIS.I'm used to setting up an "Enterprise" CA and issuing...
View ArticleI want to bind my client certificate with machine certificate in order to...
I have created one dedicated root CA for domain and auto enrollment has been enabled through Group Policy.I want to bind my client certificate with machine certificate in order to bind user with...
View Article