Event ID 13 for autoenrollment in DCs
After some firewall changes, some DCs in the Domain, not all, failed to renew Kerberos Authetication template, using auto-enrollmentThe strange thing is that we can enroll manually with success on...
View ArticleSoftware restriction policies
Hello,I've followed a tutorial on the web where I blocked Internet Explorer via a group policy.So computer configuration -> windows settings -> security settings -> Software restriction...
View ArticleTrouble enabling NDES logging
Hi,I am trying to enable logging for Certificate Services Network Device Enrollment Service (NDES). I am following the instructions in the book "Windows Server 2008 PKI and Certificate Security" on...
View ArticleDecommission CA's while leaving certs valid
We have L2TP/IPSec VPN clients (Win XP SP3) that connect using computer certs enrolled by Group Policy. The machines are out in the field during the cert's lifetime; many are far from the office. So...
View ArticlePlease do not just "skim over this." I need your help as soon as possible....
Hello All IT Professionals and Experts!I need your IMMEDIATE RESPONSES...as soon as you are available...I've been reading all of your "expertise," and am in "dire need" of assistance, regarding an...
View ArticleSecurity Permissions
Hi, hopefully this is the best forum for this question.We have a network share which retains folders/files for different Projects, within the root of the share (which all team have access) is a folder...
View ArticleNeed to restart laptop once Remote connection to Server is Lost
Hi All, First of all I am new to the forum and i found this forum really helpful.I an facing issue with my remote connection to a windows server 2008 R2. I connect to the Windows Server "X" through a...
View ArticleNon-domain computers and smart cards
I'm looking for ways to prevent account lockouts by users who access domain resources on our domain from laptops that don't belong to our domain.These people have to access file shares and 802.1x...
View ArticleExecute a Powershell script when the user certificate changes
Hi, I have a Powershell script that make use of user certificates in a particular user's certificate store. Whenever there is a change to the current certificate, I need to automatically run this...
View ArticleInvalid credentials trying to access mscdep_admin
I'm trying to set up SCEP on Windows Server 2008 R2 Standard that is running certificate services so that our iOS devices can connect to our VPN. To do this, I believe I need to set up SCEP and need...
View ArticleAutoenrolment is not triggered at computer startup
Policies in domain and GPO are okTemplates are okIn fact certutil -pulse is working, gpupdate /force is workingBut, a computer without certificate, is not autoenroling. Neither if I delete the right...
View ArticleSetting up secure wireless with cert services and NAP
HelloLooking for some help here.I am trying to deploy secure wireless to a client site. Ive been following both of these guides.Technet BlogNPS ChecklistIve setup NPS and configured the network policys...
View ArticleWindows Server 2008 access NOT asking for credentials
I have a problem where a NON domain PC can browse the shares, all drives ie c$, d$ without any credentials!If I'm on the non-domain PC and go to my other server (Server 2003) and do \\server I get a...
View ArticleRemote desktop SAN/UCC certificate issue
I have an SSL certificate that I use for exchange, i have exported and imported into my separate rds server.the certificate contains mail.domain.com & RDP.domain.com.exchange works fine with SSL...
View ArticleIs mststub.exe malwere?
i was on local disk c: and i saw a very suspicious file i had never seen before called 0c7cf46a9fdea42afb0890ebf3, so i look what was in it and i saw an .exe file called mrtstub i went to properties to...
View ArticleAn VB application does not work via Task Manager
Hello,Recently, we have been facing an issue of an VB application (an .exe DB package file) not working, or not able to trigger via task scheduler, but works fine when ran manually. The OS is Windows...
View ArticleNTFS permissions and TrustedInstaller
I'm sure what I want to do is impossible - but I'm trying it anyway. :)I am trying to sandbox a user account - and the 'least privilege' principal tells me that the user account should only have...
View ArticleSSL Certificate Issues in Windows Server 2003
I have a 2003 R2 SP2 Standard server. I have a certificate issued by a trusted CA. The certificate opens and displays the "The integrity of this certificate cannot be guaranteed. The certificate may be...
View ArticleTrying to have 2012 CA publish to a Network share gives 0x8007010b...
I'm trying to have a Server 2012 CA publish the CRL to a network share via Powershell cmdlet Add-CACRLDistributionPoint .For testing purposes the network share is writable by Domain Users (yes, Ill...
View ArticleObject Access File System Failure Not Generating Audit Failures
This should be simple, right, configure auditing on the file system and set the audit policies to audit object access. It did get a little more complecated in Windows Server 2008 but it seems straight...
View Article