Question on CAPolicy.inf file and post-installation script
I'm preparing a small PKI implementation with a single Enterprise Root CA on Windows 2008 R2 Enterprise.The primary role of this CA is to provide certificates for about 20 laptops that will use the...
View ArticleAccount Lock Out Issues
Hello all,I am encountering a very strange account lockout issue.We have a generic active directory account that we use and recently we changed the password on the account. After changing the password...
View Articleencrypting a File using Microsoft PKI Basic EFS template
Hi All;I created a basic EFS template on my Lab issuing CA and configured it for auto-enrollment on the domain . After doing that I created a new domain user(Test) on the Active directory and logged...
View ArticleWDS
Does anyone out there know what this error message is? Error occurred while trying to execute command. Error Code:0xc0000135. I get this message when try to injecting Dell and Lenovo nic adapter to...
View Article2 tier PKI, offline Root CA, enterprise CA. CDP AIA locations and OID question
I'm in the planning phase of a simple 2 tier PKI deployment. I plan on having an offline root CA and 1 or 2 enterprise Subordinate CAs. At this time they will only be used to auto enroll computer...
View ArticleHow to check CRL validity Period before doing CA Migration ?
Hi ALL,I am performing a CA migration so for doing that my first step is to Check that CRLs have a validity period that extends past expected migration durationSo can any one please let me know how can...
View ArticleClik here to view.
ldap over ssl in windows 2008 r2
hi i wanted to configure ldap over ssl and i have created security template along with apropriate persmission however when i want to add it my domain 2008 R2 computer it gives me error.""the permision...
View Articlestand alone AD-LDS instance : when adding a newly defined USER to the...
i'm working at a large healthcare client. they have an Active Directory controller, with a naming convention of ... DC=SJMC,DC=LOCAL (their server names are SERVER.sjmc.local).the software i'm...
View ArticleUnable to bind SSL certificate from Network Solutions
I'm not sure if this is the correct forum or not but I didn't see one that looked more suitable.I have a server running 2012 with the RDS role. I'm trying to install an SSL certificate on it in IIS8...
View ArticleChanging Provider name in OCSP Template
Hi ALL,While installing my Issuing CA in the CAPolicy.inf I made a entry as below[certsrv_server] ProviderName="nCipher Security World Key Storage Provider"Which allows my OSCP certificate template to...
View ArticleFirewall ports needed for remote management?
Hey guys,Does anyone know the ports needed so that I can remotely connect to other Win7 computer through compmgmt.msc, regedit, msinfo32, remote rsop.msc, etc? I think those are just rpc connections,...
View ArticleHow to force password policy requirements on password resets for user...
OS: Windows Server 2008 R2 EnterpriseDomain Level: 2008Forest Level: 2000We have Domain Administrators in our domain that reset passwords for user accounts, and the passwords the Administrators set...
View ArticleMSS settings in GPO
hi Guys,how to show the MSS settings in Windows 2012 R2? SCM doesn't seems to be able to install in the OS.RegardsSeng Leng
View ArticleEmail encryption and signing steps for internal Microsoft PKI
Hello All.Our company has an internal PKI system we use for many things, Since we want to extend it so that we can use it for email encryption and Signing as well as document signing internally in the...
View ArticleClik here to view.
Revocation Server Offline Error (0x80092013)
Here is our infrastructure:Offline root - Server 2012 Standard Intermediate CA that issues certificates - Server 2012 Standard PKI server (CDP and AIA over http url) - Server 2012 StandardHere is the...
View ArticleCertificate enrollment and expired certificates
We are setting up wireless network to use certificates. I plan to setup auto enrollment with our CA server so each machine gets their own unique certificate, however the server set the certificates to...
View ArticleAuditing File Deletion
On a SBS 2011 Server, I've enabled the Object Access Audit File System Success.When checking the logs I see mostly read attributes activity.Reading attributes seems to cloud the logs. How can this be...
View ArticleSoftware Restriction Policy batch vs vbs
Hi there,I have recently implemented a Software Restriction Policy on a Computer level with Disallowed level as default.I whitelisted the \\mydomain\SysVol so that my Group Policies could run.I have a...
View ArticleBlocking a SERVICE from logging ONLY SECURITY events
Hi,Is there a way to block a particular service from logging security event on Windows Server 2008? I want that service to have access to all other events like Applications, System, etc .... but only...
View ArticleBitlocker issues in business enviroment
We´re piloting Windows 7 for 50 users and I applied bitlocker during machine installation. Password recovery keys are written in AD fine. Bitlocker advanced tools are not installed. The problem is that...
View Article