WIthout using GPO or some cross domain enrollment tool is there a automated...
our IT guys wont setup auto enrollment in 2 of our domains. Our 3rd domain has auto enrollment. I need machine certs from our 3rd domain on the machines in the other 2 domains. One of these is not...
View ArticleRights needed for computer management tasks
Hi all,I've recently started at a company in an IT Security role. We have a native 2008 R2 domain. I am not a Domain Administrator, and have no desire to be. Nor do I need to be a local...
View Articlemonitoring when users Log to resources remotely
I'm trying to monitor when users access another computer in the domain remotely. I check out the logs from the Domain Controller on event viewer (WindowsLogs) and it shows me some events where I can...
View ArticleCertificate Template OID not working in INF file
I am trying to create a certificate request using the following INF file but I keep getting the following error:"An attempt was made to perform an initialization operation when initialization has...
View ArticleADFS, ADCS, and SQL Express
I have a very limited budget and want to setup an ADFS server for testing only. My question is can I setup ADFS, ADCS, and SQL express on the same member server? I believe IIS has to be separate is...
View ArticleCertutil -deleterow cert Access is denied
I'm having trouble running certutil -deleterow %date% cert command.I get an access is denied error. I am a CA Admin and have rights to do it. I ran the command prompt as administrator.The weird thing...
View ArticleAccount Lockout - Reset account lockout counter after
Hi Expert,Would you know any disadvantages if we set the Account Lockout Policy - Reset account lockout counter after to longer value e.g. 24 hours or maximum of 99,999 minutes.?Regards,Jhun
View ArticleCertificate Services Website CSP
I would like to set the default Cryptographic Service Provider and Key Size which are presented on the form when a user wants to do an Advanced Certificate Request on the CERTSRV website on my CA....
View ArticleHow easy to sniff a public FTP/HTTP username and password?
Hi IT Colleagues,I understand that using plain FTP/HTTP , it is possible to sniff username and password using sniffer like wireshark.However, I just to want know how easy to do it.I know that in order...
View ArticlePassword reset customization
We are running 2008 R2 Active Directory, staff log in to Windows machines on the domain so we have no issues with password reset settings there.The issue we have is that we have students logging in...
View ArticleCA certificate not being published as expected
Our customer performed renewal of certificate on one of CA instances and published new KRA certificate. Configuration was implemented according standard procedure, pfx of KRA certificate was imported...
View ArticleBlock NTPServer (UDP 123)
Hi all,I have setup on the GPO that NET server is disabled and I can see from the registry "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer: Enabled = 0x0000"But...
View ArticleDeny List Folder persmissions
I have a simple SQL database which enables users to access specific files residing on a network location which will primarily consist of microsoft office documents.I wish to prevent the users from...
View ArticleFILE level encryption, client integration solutions
I have recently started investigating encrypted file system and it does NOT seem like it will do what I need it to do. Please let me know if you know differently or know of a product that does what I...
View ArticleServer 2008 R2 File access auditing problem - getting too much noise from...
Hi I needed to setup auditing for the purpose of finding out who keeps deleting files from a specific folder on one of our file servers.I have accomplished this by turning on "Success" auditing in the...
View ArticleADCS - Invalid AIA and CDP paths
Hello, I have a 2-tier PKI infrastructure; 1 offline stand-alone Root CA and 1 Enterprise Subordinate Issuing CA. Both are running Windows 2012 R2. The Issuing CA is a member of a WIndows 2008 R2 AD...
View ArticleCan you configure a static port to use with certsrv.msc?
I am trying to use certsrv.msc to connect from my workstation to the CA for administration purposes. Workstation is Win7, CA is 2008 R2 Enterprise running Enterprise Subordinate on a dedicated box.I...
View ArticleServer 2008 R2 security error 4625
HelloI'm hoping someone can help me or point me in the right direction. I have 2008 R2 machine running exchange and I keep getting the following error.An account failed to log on.Subject:Security ID:...
View ArticleWindows Server 2003 SP2 End of Life
When will security patches stop being released for Windows Server 2003 SP2?
View ArticleFull control for system administrators
Hi I understand that system administrators are given full control to all files/ folders of the local disk drives, network drives for daily IT operation. Because my firm has some sensitive information...
View Article