How to filter certificate templates in Certificate Authority snap-in with the...
How to filter certificate templates in Certificate Authority snap-in with the correct valuesI have a 2012 R2 server running Microsoft Certificate Authority snap-in. I want to do a filter on a specific...
View ArticleCreate a script for domain users so they must change password once a month
Hello, I want to make an Active Directory Policy which should contain the following requirements: - users must change password at every 30 days- they cannot use the last 10 password - the password...
View Articleaccounts being created with administrative group rights
Hello,The server is a Windows 2003 R2 Enterprise fully patched used for Shared Hosting purposes. It runs Hsphere control panel. I am trying to identify how the following hack is happening. 1) There...
View ArticleIs it possible to use certutil to export multiple certificates from a local...
Is it possible to use certutil to export multiple certificates from a local client machine store, to a .p7b file?Scenario: We have a few legacy certificates based on some legacy templates (2012 R2)....
View ArticleClik here to view.
ADCS Web Page returns "The RPC server is unavailable"
Hello all,I have an enterprise subordinate ADCS CA with cert enrollment web pages installed. When I attempt to submit a CSR using the webpage, I am receiving the following error:However, using...
View Articlewhen any certificate request with "KeyUsage=0xA6" Enterprise CA is not...
when any certificate request with "KeyUsage=0xA6" Enterprise CA is not generating "Key Encipherment" but Standalone CA is able to generating "Key Encipherment" - is it by design[Version]...
View Articlehow to prevent EFS encrypted files getting green color
hi friendsas we know, when we encrypt files via EFS, they get green color so users find out that these are encrypted files. i don't want such thing. is there any method to prevent EFS encrypted files...
View ArticleServer 2012/ Windows 8 browser certificate errors
I'm replacing 2 server 2003 DCs with 2 2012 R2 DCs. All 4 are in the domain still, the PDC is now one of the 2012s. Using either IE or Chrome, any https website throws a certificate error on the 2012...
View ArticleDownload Hash value
Where can I find the hash values of Microsoft product downloads?We have a security requirement all downloads has value has to verified. Where can we find the has value for a download e.g. Dotnet...
View ArticlePassword History Settings, and it's effect
Hello MS gurus,We're looking to ease lockout issues at work. We found a comment on an Educause's list serve (here:...
View ArticleBy changing CDP do i need to reissue the CA certificate and all previously...
Hi all,Given a Windows 2003 based CA what would be the impact of changing the CRL Distribution Point?I mean if i change the CDP by adding or removing entries in the Extensions tab of the CA properties,...
View ArticleClik here to view.
Audit files and folders
Hi folks,I'm collecting all security events of one share folder in file server (Windows Server 2008 R2) with SCOM (System Center Operations Manager). SCOM stores all security events in a SQL database....
View ArticleCan you have two Enterprise CA on the same AD Domain at the same time
HelloCan someone please help me with the following questionIf I have a Windows 2003 R2 Enterprise Root CA on the AD Domain can I also Add a separate Windows 2012 R2 Enterprise Root CA to the same...
View ArticleCan an Enterprise Root CA be converted to an intermediate CA?
We currently are running a single-tier PKI hierarchy where the Enterprise Root CA is also issuing certificates and has all CA roles enabled as well as certificate templates. This environment is...
View ArticleCACert revocation server offline
I'm using CACert for certificate verification and in Outlook none of the client certificates can be verified as the server is offline. The root is in Trusted for both HCCE_LOCAL_MACHINE and...
View ArticleWhy do my servers not trust my code signing certificate?
We have a certificate authority, and its certificate is in the trusted root of our servers. We have used the CA to issue a code signing certificate. After signing powershell scripts with the code...
View ArticleIf I have two Root CA in the same Domain, Do I have to configure two seperate...
Hello All Can someone please help me with the following question :)I asked the question, can you have two Enterprise Root CA in the same AD domain. This question was kindly answered by Paul here the...
View ArticleURL of TimeStamp Server for .Jar files
Hello AllCan someone please help me with the following question.I wrote a script to sign and time-stamp various files types .exe, .dll, .ps1, .jar files etc.I have no problem time-stamping the files...
View ArticleCreating a disclaimer when users / administrator logs onto the PC / servers
Hi there, I would like my administrators / users to see a security disclaimer banner when they log onto Windows regardless server or PC. All of our servers / PC are joined to a domain so is it possible...
View ArticleTemplate does not show up in Web Enrollment pages.
We duplicated the Web Server version 1 template on our Windows 2003 Server CA and published it to the CA for issuence. Set the permissions accordingly, Domain Admins: Read, Write, Enroll Then when...
View Article