NTP server setup in DMZ
Hi Team,We have Windows 2008 AD infrastructure with Single domain Single Forest & 30 remote AD sites with RODC in it. We are planning for NTP server setup on Windows 2008 server in DMZ......can...
View Articletrust between two domains
I am having a problem understanding: Once you made a trust between two domains they will be able to login, into each other team system.But I don't get this:Once the trust is made they are able to login...
View ArticleHow to create CSR for user certificate using certmgr.msc?
Hi,I am trying to run a test by importing AD user certificate to SAP client so the user can login to SAP with their AD account. Currently, we are not running AD CS PKI infrastructure. Therefore, I will...
View ArticleRequest Certificate with custom values
Hello, I´m working on a deployment of StandAlone CA. Only a month ago in this country (Paraguay) we have a law about Certificate Authority and the law indicate that every certificate have to had...
View Articleadvanced audit policy dabbling and regretting
noticed a lot of "windows filtering platform" events on an 2008 r2 member server in a 2008 R2 domain.for grins, disabled windows filtering platform events on my GPO that sets audit settings. gpupdate...
View ArticleBackup Windows 8 bitlocker key to Windows Server 2012/ 2012 R2 AD
Hi,My environment has 20 new clients laptop (without TPM chip) install with Windows 8 and plan to enable bitlocker and backup bitlocker key to AD for recovery purpose.May i know how to do this, since...
View ArticleClik here to view.
TEST LAB Guide: Demonstrating Certificate Key-based Renewal from Kurt Hudson...
Hi all,We have been working since a full week building and rebuilding on different platforms this test lab and we have encountered a lot of different errors. (3 platforms are running)One of our test...
View ArticlePKI 2008 R2 Backup
Hi all,I'm validating a process to restore the PKI and all certificates generated. Currently I use a "certutil -backup" command but I've seen that it exists a "certutil -backupdb" command.What is the...
View ArticleClik here to view.
Problem with Certificate enrollment on Windows 8
Hello, our company uses a certificates (for EFS, email encryption etc.) that has in certificate template enabled setting Archive subject's encryption private key (in request handling tab). On all...
View ArticleEvent 4776 Error Code: 0xC0000234 but account not actually locked out
I am coming across several instances where a user will get the error code 0xC0000234 for event 4776 and Failure Reason: Account Locked Out for event 4625 but the account never actually locks out. I...
View ArticleBest practices for protecting files from ransomware?
If you don't know what CryptoWall and such ransomware is, you are lucky. For now.This os probably more of a Desktop security issue but I'd like some ideas for file server protection.A corporate office...
View ArticleAudit failure every 2 minutes on a W2K8 standalone Server in a Workgroup...
HelloBy chance I discovered that every 2 minutes there is a login failure on my standalone (Workgroup) W2K8 R2 Server.The administrator is disabled (login errors also appear when administrator user is...
View ArticleLocal user provisioning requires local administrator privileges?
Hello,Scenario: User-A needs to provision User-B as a local administrator on a Windows 2008R2 server.Is there a way for User-A to do this without User-A being a member of the local Administrators or...
View ArticleWindows Server 2008 R2 - Offline Root CA published to Intermediate Store...
I have a 2008 Server R2 setup on which I am configuring Auto Enrollment. I am using an External CA for issuing certs. While issuing a computer certificate from a template, Root CA cert is getting...
View ArticleLDAP over SSL on Windows 2012R2 Server DCs - TLS 1.2 not working
Hi there,We've upgraded our DCs from 2008 R2 to 2012 R2.After moving the Enterprise CA from 2008 R2 to 2012 R2 domain controller (same IP, same hostname) according to this guide:...
View Articleshared folder perms
I have a “SCAN” share on a server 2012 where SHARE perms are set to full control to everyone and NTFS perms are set up as following:Administrators, SYSTEM and ISCANEMALL user accounts have Full control...
View ArticleRequest a Certificate from Server 2003 to Enterprise CA on Server 2012
Hello,I'm attempting to create and submit a request to my Enterprise CA (on Server 2012) from a 2003 Server. I'm using the web request form and using the Web Server template. I create the request and...
View ArticleUsing code signing certificate results in classnotfoundexception
We are running a certificate authority on windows 2012. Our programming section developed a java application on linux and wanted to code sign it. They created a csr and sent it to me. I created a...
View ArticleHow to define challenge password (SCEP) manually in windows 2008 Enterprise CA
reference doc (I can't past link, so I just list doc name): Network Device Enrollment Service (NDES) in Active Directory Certificate Services (AD CS)==The doc said this one-time password is random.We...
View ArticleHow could I know whether Microsoft patch need reboot or not ?
We use win2003R2 and win2008R2 and so on in the domain environment.When we apply the Microsoft-provided patch, is there any way to know it need OS reboot in advance ?
View Article