Download Hash value
Where can I find the hash values of Microsoft product downloads?We have a security requirement all downloads has value has to verified. Where can we find the has value for a download e.g. Dotnet...
View ArticleUser can list folder contents with all DENY permissions
We have discovered a very strange issue on our file-server (2012 R2).We have a folder structure like this:\\Server\Root\Folder1\Folder2\ with the following breakdown:Shared Root folder via DFS...
View ArticleCertificate choices for Exchange 2013, ADFS and WAP
This question has now been 'moved' to the Exchange 2013 forum.Can you please help me with certificate choices?We currently have an Exchange 2013 server publishing OWA, EAS, etc. externally with ISA...
View ArticleClik here to view.
Uninstall or Migrate CA from Win2003 DC
I have an old Win2003 DC that has a CA running on it. I think it was installed specifically for RADIUS use with authenticated Wifi clients on a Cisco WLC. The Win2003 DC is now the last of the...
View ArticleProblems with ftp on Windows Server 2012
Hi all,We just setup a new server running 2012. I ran into a problem while trying to move over/recreate some of our exisiting jobs that run on the task scheduler on a Windows 2003 Server box.One job...
View ArticleADFS is asking users to select site
Hi,We have ADFS and ADFS Proxy implemented.we are facing the issue , we more that 30 relying party trust created for different customers.once of our customer is facing problem is , when their...
View ArticleHTTP or LDAP for CRL
Hello I am setting up a new PKI (in a LAB initially) an reading up on the subject.I see the default location for the CDP is in the Configuration partition in AD and therefore accessed via...
View ArticleSMB2 Server Denial of Service
Hi,My firewall has detected the "SMB2 Server Denial of Service" on one of our domain controller servers based on windows server 2008R2. Is there any workaround or updates/patches that could help me...
View Articleproblem with criticality of key usage extension
Hi everybody, I'm instaling a subca and I'm submitting the request to a standalone CA. I need to make the key usage extension of the subca certificate critical, to do so after I submitted the request,...
View ArticleServer 2008 R2 Certificate services web enrollment
Not sure if this is the right place for this, but here goes.Upgraded a domain to 2008 R2. Migrated certificate services to 2008 R2 Enterprise root on a member server.Autoenrollment works fineRequesting...
View ArticleHow to exclude a user /group from auditing
Hi,I am enabling auditing on windows file system by enabling SACL on the file folder to everyone.It logs events for every user in the security log.Is there any way to exclude a user /group from auditing.
View ArticleADFS 2.0: Can the outgoing claim be set to lowercase?
So I have a relying part trust set up to an external vendor's system. However they require all incoming claims to be in lowercase to authorize. Kind of strange, I know...Anyway, is there a way to make...
View ArticleBitLocker Encryption Offload Hardware
Hello everyone,So really this is a general question with regards to the hardware that can be used for BitLocker; I am wanting to find some hardware solutions that would offload the processing of...
View ArticlePKI: Certificate Request stuck in Certificate Enrollment Requests
Hi allI have from MMC - Local Computer Account - Personal - Certificates - Requested a new Certificate from my CA (Active Directory Entollment Policy)I use a template where auth users has allow on read...
View ArticleClik here to view.
CPD Location #1 Expring
On my Certificate server I noticed a warning says my CDP Location #1 was Expiring. Does this auto renew or do I need to do something? This DeltaCRL Location #1 expires on the same date but it shows OK.
View ArticleIs it possible to reset SubCA private key permissions?
I have a new CA running on Windows 2008 R2 which is failing to start after reboot, the SubCA certificate's private key permissions were "updated" in an ill-conceived attempt to provide read access for...
View ArticleNeed to change my domain administrator password
Hi all, I need to change my windows domain administrator password. The password is too old and is known by far too many. I manage two windows domain’s. If I change the domain administrator password...
View ArticleClik here to view.
Subordinate CA Template duplicate not supported error
We have just migrated our Enterprise certificate authority servers (Subordinate and Root) from Server 2008 SP2 to 2012 R2. Right now, I'm trying to modify the default validity period for the...
View ArticleIs it okay/safe to remove the Administrator account from Domain Users group??
We have a new Windows Server 2012 R2 set of servers.The administrator account is in the domain admins group, it's called site-admin, it's also in the Administrators group.The site-admin user is also a...
View ArticleAccount lockout in Windows Server 2008 R2
Hello Experts,Please help me with my case.My domain account is getting locked frequently (every 15 mins it receives a bad password from some process).Here below you will find the event information from...
View Article