security even log forwarding
Hello,i have managed to setup event log forwarding from a source computer (windows sbs2k11 DC) to a collector computer (domain joined Windows 7 Pro). i wanted to capture security events but these...
View ArticleBitlocker network unlock
Hi all,I'm trying to implement a BitLocker network unlock equipment based on this TechNet article:https://technet.microsoft.com/en-us/library/jj574173.aspxAnd at the moment I facing a problem, and I...
View ArticleLong waiting for getting elevated privileges that runs the software.
Hello(translated into English, sorry for the differences in terminology)I have a group of computers that are connected to a Windows Server 2012 R2 Standart. Less than 100 computers. Users do not have...
View ArticleDomain account(s) keep getting locked
Ok, in our company we have aprox 1400 employees..We have multiple Domain Controllers, and 1 Primary Domain... as well as exchange & Lync server and multiple locations with shares and etc.. We also...
View ArticleMake an internal CA certificate trusted in internet
hi all,we have a customer that is requesting to configure his subordinate CA as an external CA, meaning he wants his issued certificate from that Internal SUBORDINATE CA trusted publically in internet...
View ArticleSingle server, single domain, no remote access or web services - Suggest...
I have a single server. It is running a single domain (server has AD, File and Storage, Print, DHCP, DNS, and will hopefully have WSUS running on it). First, we are a small shop (less than 30 users)....
View ArticleNeed help to delete a certficate from personal certificates with "Certutil"
Hi, I want to delete a certificate from personal certificate store in my local machine store. I used following command.certutil -delstore -enterprise -user My <certificate_name>But I got...
View ArticleSingle Root CA server, CRL expired
Hi guys, I need some help with our Certificate Authority. It was set up by generations past of IT folks, so no one really knows why it is the way it is, and no one wants to touch it. We seem to have...
View ArticlePKI, Find the Interanl / external certificate
Hello Everyone,I am new to PKI (AD CS) environment, in my organization i found there are several Certificates issued from the help of AD CS tool. And those are showing Expiring in couple of months.As i...
View Articlecannot log onto the credentials verification site at Microsoft
I have a document in Office 2010 on a Windows 10 application that is protected by IRM. Until recently, (November) I could display my credentials and open it. I cant even apply...
View ArticleCES - certificate template definition in MS-WSTEP
We are implementing service on Linux platform for issuing certificates using CES (Certificate Enrollment Web Services) which resends certificate requests to authority (Enterprise CA). The problem is...
View ArticleAutoEnrolled certificates not working with NPS - EAP Type cannot be processed...
Hi all, I've done a quite a bit of reading to get to the stage I'm at and I'm happy that I have a correctly configured, functioning 2 tier CA based on Windows 2012 R2 with an offline root. Currently I...
View ArticleDNS Domain Certificate
HiWe have our root and child domains and have an internal cert authority for them which works fine.For Sharepoint apps we created a forward lookup zone named xxxx.com which is not a domain as such, but...
View ArticleIssuing CA's signature algorithm want to change from RSASSA-PSS to sha1RSA
Hi,I have one Root CA (Offline) and one subordinate CA in my environment. My all systems are getting certificate from my running SUB CA with signature algorithm RSASSA-PSS and near about 1000+...
View ArticleEFS for shared group
Hello,We are trying to auto enroll or distribute an EFS certificate to users in a specific group without a script due to security.The setup:Server 1: 2012 R2 with AD and CA runningSever 2: 2012 R2 file...
View ArticleLoad balance requests to CA servers ?
We are implementing an MDM solution (AirWatch) along with an internal PKI on Windows Server 2012 R2.We have 2 Enterprise issuing CAs configured with the same certificate templates.AirWatch can be...
View ArticleCertificate template questions
2 questions related to certificate templates :1) I have duplicated an existing certificate template, and in the Cert Authority console have issued the template using Certificate Templates -> New...
View ArticlePrevent delete files in Shared folders but need save changes
I want to prevent delete files from the shared folders & i found a way to that from security tab.but my problem is this.when set that delete sub folders and files & delete user not able to...
View Article401 - Unauthorized: Access is denied due to invalid credentials
After installing MSCEP, enter http://Server2008/certsrv/mscep_admin in the browser.Enter correct user name and password in pop-up box. Windows 2008 keeps rejecting the correct user name and password....
View ArticleCertificate Templates and exportable private key
When managing version 2 certificate templates, I can define "Allow private key to be exported" in a template under Request handling tab. If I leave that box unchecked, then publish the template in...
View Article