Why is "Authenticated Users" in the local Users group by default?
This has been bugging me for as long as I can remember:By default, "Authenticated Users" is a member of the local Users group on all Windows Servers (2003/2008/2012).My colleagues, and I, agree that...
View Articlehow to configure ipsec policy on windows server 2008 r2 to permit local...
I have applied IPsec policy on local machine(ip address:10.82.138.76) with windows server 2008 ent r2 installed,only permit local machine to comunicate with itself,one other server(ip...
View ArticleAdd-KDSRootKey fails with "Request not supported" error
I'm trying to create a group Managed Service Account (gmsa) on a newly installed Win2012 DC (first computer on domain). Creating the gMSA requires you to first create a KDS Root Key. I launch the...
View ArticleMSS settings in GPO
hi Guys,how to show the MSS settings in Windows 2012 R2? SCM doesn't seems to be able to install in the OS.RegardsSeng Leng
View ArticleHow to offline an Enterprise Root CA
For internal PKI, I'm a big fan of using Enterprise vs. Stand-alone, for simplicity and ease of management. The problem is, I just can't find definitive answers on how to properly offline it. Most...
View ArticleClik here to view.
Certificate authority and PKI Certs.
Hi, I am a beginner when it comes to certificates so any guidance would be helpful.We are setting up PKI certificates to use with Configuration Manager 2012 sp1.We have created a new web server,...
View ArticleBuilt-In Users-group is suddenly gone on folder security tab.
Dear forum-members,I have got a problem with folder-permissions (acl) on a Windows 2003 Server with Terminal Services (Citrix). The application "Sybase" is installed on the D-drive (disk). A thrid...
View ArticleCertificate not enrolling on Windows XP SP3 clients.
We set up a computer certificate needed for our SCCM environment for https, we created the template, set it for auto enroll, and created a GPO. The certificate deployed fine on all of our clients, and...
View ArticleAD CS - Create a custom certificate request and certificate expiration
I have a client that is running their own AD CS, on Server 2008 R2 Datacenter. I can request certificates, but I need to get some very specific certificates for a FortiGate / FortiClient to work...
View ArticleTrust a CA on a different forest
Hi, We are setting up a new domain but the legacy AD will have to be used until the last app is migrated. How can we have clients in the new domain trust a certificate in the CA of the old...
View ArticleCan't install standalone security updates
I have windows server 2008 r2 standard +sp1 and need to install the 2 following updates:kb2271195kb2124261We need to install these for PCI compliance and when I try to install them I get the...
View ArticleUsing IPSec to limit file sharing to a single server and still allow AD, DNS,...
Using IPSec I've been able to block file sharing to all but a single server. The problem is that on login the client can't load group policy. If I disable the rule that limits file sharing, group...
View ArticleClik here to view.
IPSec Main mode 4653 Audit failure from IP addresss : Akamai and Microsoft...
I am updating my security log settings and testing some of the Advanced Logging features.I have IPsec NPS on the network, so I am interested in any IPsec failures.On my domain controllers I am getting...
View ArticleWindows 2008 R2 - Injecting custom local policy in the unattend or...
I have started the process again of building unattended files. I've got the basics down, but we make a number of changes to the local policy as part of our security requirements. Is there a way to...
View ArticleWindows 2008R2 Server Credential Manager clears entries after a couple of...
I have been having issues with W2008r2 server deleting credentials in Cred Manager after few days or a couple of weeks. I have to keep restoring the credential vault with the back up file I created. I...
View ArticleRestore "account unknown" user profile Windows7
After accidentally remove user and computer from domain controller (Windows Server 2003), i was create new user with same old name on DC and rejoin my client PC (Windows7) to domain.As result i have...
View ArticleHow to force password policy requirements on password resets for user...
OS: Windows Server 2008 R2 EnterpriseDomain Level: 2008Forest Level: 2000We have Domain Administrators in our domain that reset passwords for user accounts, and the passwords the Administrators set...
View ArticleReverting from advanced audit policies back to basic
Hey,I'm trying to revert back to basic audit policies after using advanced polies. The policy is set locally on the DC server 2012. I've tried doing this:http://support.microsoft.com/kb/921468. There...
View ArticleAdding Certificate Extensions to externally generated CSR
Hi all,I was handed a seemingly simple task, yet it is so tricky I have spent days without any good returns. Given : an externally generated CSR, a root key (in a HSM)Task : to sign the CSR with the...
View ArticleClik here to view.
Revocation Server Offline Error (0x80092013)
Here is our infrastructure:Offline root - Server 2012 Standard Intermediate CA that issues certificates - Server 2012 Standard PKI server (CDP and AIA over http url) - Server 2012 StandardHere is the...
View Article