Untrusted Certificates
I have been trying to learn a bit about security recently and in investigating my certmgr.msc, I noticed an untrusted certificate in the Personal/Registry/Certificates path.It is issued to...
View Articlequastion - task for expert thinkers 5 ( Protecting servers )
Ok here is the situation:The networkconsists ofa singleActive Directory domainnamedsomething.com.The domaincontainsWindowsServer 2008FileServernamedServer1.Duringa routineSecurityAuditing, i checked...
View ArticleTheoretical question: what happens with issued certificates if issuing CA...
Hi all,General question..I have a Standalone root CA and an Enterprise issuing CA. What happens if my Issuing CA gets a new certificate with a new key pair. The issued certificates to users/computers...
View ArticleWe would like to decommission our current CA and create a new one
Our CA is one of our Server 2008 Domain Controllers, and it was set up by a previous IT team. (Translation: I don't have much experience yet with CAs.) We would like to separate the Certificate...
View ArticleWindows Advanced Firewall outbound authentication breaks rule
I'm trying to establish a set of Windows Advanced Firewall rules (client side and server side) that will restrict SMB and RDP access using IPSec. I can't get the outbound client authentication to my...
View ArticleMicrosoft Trusted Root Certificate Authorities Has More Than 200 Entries
I've been trying to find a "good" answer to how to deal with this issue and I really can't find some solid advice. Recently the Microsoft Trusted Root Certificate Updates have exceeded the...
View ArticleEvent ID 529 issues
We are getting these failures every 10 minutes in our security log. It happens for 18 users so 18 failure events every 10 minutes.Any tips on troubleshooting what is causing this?The IP address below...
View ArticleAudit report for Deleted files
Hi All, I am working on a script which would send an audit report in CSV format every 24 hours. The problem that I am facing is that when I take the report out, it has a lot of .tmp files in it which...
View ArticleIssues with Enroll on Behalf of for my internal PKI
So I am trying to do a enroll on behalf via my cert.mmcI have a valid Enroll User Agent cert which is a duplicate of the built in cert template. It is in my personal store and is valid on my Windows 7...
View Articleaccount failed to log on
Hi! We recently needed to change all admin passwords when I co worker left the company. Since then, the security logs are filling up with audit failures such as below: Log Name: Security Source:...
View ArticleDissallow access to a folder structure to all but one person
I need to be able to create a set of folders on a server and restrict read and write access to all but the currently logged-in user (and admins) thru a Batch/Command file script. I see that "subinacl"...
View ArticleUnable to view the security log
Hi, I need to grant a administrator (with backup operators right) to logon to the member servers and check for the three logs (application, security and event). However, the user is unable to view the...
View ArticleOID within the CAPOLICY.INF
Hi,I was wondering if somebody could tell me the purpose of the OID within the capolicy.inf file. Is it needed/required to have?Can you still have the Notice and/or URL within the inf without...
View ArticleWhich Cert key store to put a "Internal Document Signing" cert into?
Which key store should I put a "Internal Document Signing" cert into, Trusted Publishers?Thanks!Shawn
View ArticleClik here to view.
Can I define "Predefined set of computers" by myself in Windows Firewall?
OS: Windows Server 2008 R2I want to know if I'm able to define "Predefined set of computers" by myself in Windows Firewall.
View ArticleClik here to view.
execution sequence of Windows Firewall
OS: Windows Server 2008 R2Hi, what is the execution sequence in Windows Firewall? Or no execution sequence? I want to use both allow and block policies in Inboun Rules like in ISA Server.Thanks, 高麻雀
View ArticleFine grained control of user local logon
Hi folks,I have a scenario in which I need to control in great detail who can log on to each client machine in a domain:We have 15 workshops each of which contains 2 servers (machine control software...
View ArticleIn-Place Upgrade from Windows 2008 R2 to Windows 2012 on AD CS server
We currently have a Windows 2008 R2 server running as our Intermediate ADCS server. Since it's a VM I'm hard-pressed to find any reason why I shouldn't do an in-place upgrade to 2012 to get some of...
View ArticleWhen submitting a Cert request only 1 subject alternative name returned in...
I need to create a cert for a computer and I need to supply a number of subject alternative name values but when I complete the cert enrollment request and supply the different subject alternative name...
View Articlequastion - task for expert thinkers 5 ( Protecting servers )
Ok here is the situation:The networkconsists ofa singleActive Directory domainnamedsomething.com.The domaincontainsWindowsServer 2008FileServernamedServer1.Duringa routineSecurityAuditing, i checked...
View Article