CA Renewal - How long before DCs renew their certs?
Our Root and Issuing CA were set to expire next month, so this past week we renewed both certs with the same key pair. That went smooth, and new requests are using the new certs as expected.Our domain...
View ArticleHow to authenticate the users login a non-domian pc by NPS as radius server?
I want to deploy a test env, where windows server NPS as radius server, and when users login the non-domain pc to access Internet, the users firstly should be authenticated by the radius server. Only...
View ArticleWarning Message (Pop-up Message when accessing a directory)
We have been asked to have a warning message display on a client windows computer whenever they access a specific directory on our Windows 2008 server. Looked all over for solutions on this and found...
View ArticleExtending a CRL when the CA is unavailable
Hi All,I want to extend a CRL I am unable to export the private key. If a CA was previously unavailable to issue a CRL, I could extend the existing CRL manually by exporting the private key and signing...
View ArticleData loss prevention solution in windows server
I am wanting to implement a DLP solution on our network, I am looking for starting points for software.
View ArticleProper way to give permissions to subfolder, but not any folders above it
I need to give someone permissions to a folder that is buried about 4 layers deep on a file share, to which they can't have permissions to the folders/files above that specific folder. I can give them...
View ArticleIssuing Certificates to a DMZ server
I'm in the process of setting up a PKI infrastructure for an SCCM 2012 environment. In order to manage travelling laptops over the internet, we installed a new Windows 2012 R2 server in the DMZ. To...
View ArticlePKI Training and Resources
Any recommendations on advanced PKI Training? I've taken the "Designing and Managing a Microsoft Windows Public Key Infrastructure" course however it doesn't go into great detail on the many...
View ArticleRenew a certificate with the same thumbprint
Hello AllWe are using a Standalone CA on Windows Server 2003.We are renewing a client certificate to extend the validity period. The client certificate is renewed succesfully and the validity period...
View ArticleActive directory security audit software
Can someone recommend a good security audit tool for Active Directory? We have found several accounts with inappropraite permissions and I am looking for a comprehensive toolkit that allows both a spot...
View ArticleHow to Verify whether CAPolicy.inf Configuration was picked correctly or not ?
Hi ALL,can you please suggest me a way to verify whether CAPolicy.inf Configuration was picked correctly or not during CA installation and if it was not picked up correctly where can I see the error...
View ArticleWhere should I put ADFS at?
Hi everyone,Hope you can help. I have no experience in installing or setting up adfs..but we just need it now for one project that antoher vendor need to access to our AD. I can find some instructions...
View ArticleStand Alone CA: How do I modify default Certificate Services web pages...
Greetings, can somone take a look at the .asp pages which ship with Certificate Services and tell me what to modify to generate and use 2048 bit keys? Currently a "default" of 1024 is being used and I...
View ArticleSend Certificate request with Client information machine name
Hi all,I have set up a server with a client certificate with web enrolment on Server 2012 R2 Standard, IIS, which is working with AD Windows computers across the web from our DMZ. For non-domain...
View Articleunknown accounts
Whats the best way to get rid of these? I remove them but they come back, I reset permissions to default and they come back. I don't really want to break inheritence but I do not see them on the parent...
View ArticleKerberos Ticket - Can an expired ticket cause an account to be locked out?
Hi All, Would someone be able to say if the inability to Fetch a Kerberos Ticket can cause an account to be locked out. I'm getting the following message i my logsMay 2 18:39:03 208.86.142.142...
View ArticleQuestion about missing function when using ADCS certsrv webenrollment
Hi,We recently setup a new ADCS. When I try certsrv web enrollment for requesting my first certificate, I can't seem to be able to do so.Here is what I've seen: After I successfully authenticate with...
View ArticleClik here to view.
Expired AD User Object certificate
We have an expired certificate under Active Directory User Object > Certificates.Can someone please tell me to renew or re-create this certificate?
View ArticleADCS does not want to start - Evend ID 100
Hello,I have a problem with my ADCS services, it doesn't want to start with error EVENT ID 100 :Active Directory Certificate Services did not start: Could not load or verify the current CA certificate....
View Article