How to allow non-admin users to install ActiveX and Add-ons while applocker...
Hi All,We would like to deploy applocker in our org. -- we would like to allow users to install ActiveX and Add-ons from IE.Could somebody guide me how can I achive this using applocker rules.Note: We...
View ArticleEnterprise Sub CA backup / restore in Virtul environment
Dear All , We have a physical standalone offline Root CA enterprise Sub CA , online responders in a virtual environment. Backup Strategies are as follows On the Root CA ##################### 1-...
View ArticleNPS and CA for 802.1x
Hi All,I am expanding an exisiting wired 802.1x deployment which is using certificate based authentication and I was after some advise.At present, there is a single 2008 Enterprise Root CA issuing...
View ArticleEnabling LDAP over SSL
LDAP over SSL was initially configured using our 2003 domain DCs but we now have our roles spread between 2 x 2008 DC's (one of the 2003 DC's is now off because it failed, the other is still working as...
View ArticleRenew Forest/ Domain Certificate - help
Network is running Windows 2008 Enterprise.Our Forest root certificate is set to expire end of January.Do I need to do anything to renew this certificate? Will it auto populate across domain with the...
View ArticleTwo or Three Tier
What are the main reasons to having a Three Tier architecture? What would be the design question that I would need to ask myself in order to make a decision on 2 verse 3 tiers?Thanks,Paul
View ArticleRestricted RPC dynamic ports on member server - do I need to restrict the DCs?
Hi there!My situation is as follows:We have some servers running SharePoint in a resource domain "A".The clients and user accounts are in domain "B", and there is a two-way trust between domains A and...
View ArticleSecurity
Question - is it possible for a Domain Admin to elevate them self to Enterprise Admin? If so how is this done or is it even possible?Richard Parker
View ArticleCross-Forest CA: Computer-Object not found by Policy Module
Hi,the policy module is requesting the computer object from the wrong DC's in case the requesting computer is member of a domain with an DN that contains the DN of the CA's domain.Let's assume we have...
View ArticleWindows 2008 EFS Question - Network share Element not Found
Hello!Working on a project where I use EFS to encrypt a share on a file server. I am in a domain network, and I have worked through the process of setting up EFS on the domain so that I can now...
View ArticleMost Secure Infrastructure Setup for 3 Networks
I have 3 networks and they all need to be secure from each other yet be easily managed from a domain standpoint. Network A = Child domain Network (Secure network) Network B = Domain Network (Domain)...
View ArticleSecurity Permission
I use win server 2008 r2 ,i have share folder and the TEST group have read ,list folder and contents ,read & execute ,write security permissions they make this group edit in text files but can`t...
View Articleserver login behaviour
does a domain controller take over the login when I'm trying to login into a computer (i.e. select the computer rather than the domain when logging in). We have a CRM server on network. without being...
View ArticleWindows 2008 Core Server - CA, how to set permissions on templates
using Certutil how do i set permission on templates. If I do a certutil -v -catemplates all the templates show access denied. This is a subCA but I cannot renew his cert.
View ArticleMBAM Recovery and Hardware Service - "Certificate's CN name does not match...
The BitLocker (test) laptop receives 2 messages in the event viewer, one for "Unable to connect to the MBAM Recovery and Hardware service." and the other "An error occurred while sending encryption...
View ArticleUnderstanding login failures in Server 2012
Hi Folks, What with almost everyone using a smartphone, tablet, home PC, direct access, RDP, etc., we are generating many more bad logons and account lockouts these days than a few years ago. These are...
View ArticleNon-domain joined systems and certificated based communication
We are about to roll out PKI into our Windows domain. We are going to have 2 auto-enroll certificates, one for domain users and one for domain computers. We have a mixed IT environment, with various...
View Articlecreating new event log sources on custom logs?
I am having trouble getting a logon script to write to a custom event log I've created on a new 2008r2 server. We migrated from 2003 last year and our logon script had an eventcreate command which...
View ArticleServer 2008 UAC question
I have read the other topics in the forums related to this, and nothing solves the issue for me. I hope someone can help. I am running DFS on server 2008 R2. I am logged in as a member of the Domain...
View ArticleCertificate Chain and verification
Awhile back we re-issued certificates in our Forest/domains with 1024 key. We were at 512. We are now having a problem with an application trying to use SLDAP and allow the user to change passwords....
View Article