Signing Certs with sha256 when CA is sha512
I've seen many posts about downgrading and upgrading, but nothing quite like this. My CA is 2012R2, Provider is MS Software Key Storage Provider. Hash Algorithm SHA512. All my certs are issued with those...
How to strip down NTFS level security of cmd.exe down to only 'local admins'...
Hello, For IRS security requirements, we need to restrict access to C:\Windows\System32\cmd.exe for web servers to the following: System: Full Control; Local Administrators: Full Control. But default...
Bitlocker locks drive after every reboot
Windows Server 2012 R2 Standard. TPM chip installed. C and D drives are encrypted with bitlocker, and unlocked. When I reboot, the D partition is locked every time, and I have to enter the bitlocker...
Enabling AES 256 GCM on Windows Server 2012 R2
I'd like to enable the use of the AES 256 GCM encryption instead of the AES 256 CBC. We already have ECC certificates based on ECDSA so that pre-requisite has been fulfilled. The certificate has a...
Certificate Template Replication issues
Hello Team, we have a 3 tier CA infra with 2 enterprise issuing CA machines and it has 1 Root and 1 policy machine. All of these are SHA1 certificate issuing servers. When I add a new SHA2 Enterprise...
Disabling TLS 1.0 breaks COM+ application using MSDTC transaction
We've been mandated to disable TLS 1.0 (and 1.1) on our Windows 2008 Server R2 boxes. When we do so, we get this error: Exception type: COMException Exception message: [Microsoft][ODBC SQL Server...
Use client certificates to authenticate with SSTP
We use SSTP in our environment to establish VPN connections to our company. For authentication we use PEAP which uses a server certificate that we have created for this purpose. This one server...
domain administrator privileges denied
I am the network administrator of a network containing 6 servers and about 30 client computers. The domain is a Windows 2008 R2. Today I went to all the computers to change a setting in Local security...
Write-Once Folder
We have been using custom permissions to create shared folders for classroom project submission. They have worked well for years, but lately there have been some issues with the folders and denying...
Certificate Authority - Autoenrol
When you enable the autoenrol feature and certificates are renewed automatically 6 weeks before, how are they propagated on the client machine? Do they need to revisit the CA web url and the...
[Event ID : 36887] - A fatal alert was received from the remote endpoint. The...
We have a W2k12 server with DC, print and file server roles. I was checking the event logs to figure out an audit issue, however I have found continuous event ID 36887 in system logs. "A fatal alert was...
Certificates on Smart cards
Hi, I would like to technically know how the embedding of end-entity certificates on smart cards occurs when the requests and certificates are being made through web services (web portal to requests and...
Frequent Schema Admin Account Lockout
Hello there, we are facing a problem regarding a lockout issue of our schema admin account. According to events it is locked by our DC; after further analysis we found out that it is being locked from a...
Migrate Symantec Certificates to Microsoft
My company currently uses internal and external certs from Symantec. I would like to use a Microsoft platform for internal certs to save time and money. There is an internal PKI infrastructure. How would...
Applocker will not audit events
I have Windows Server 2012 R2 installed with the latest updates. I would like to use Applocker in "audit only" mode to work through some "what if" scenarios. I have configured all Applocker rules to...
AD account disable using mobile devices
Hi! We manage a small size network and rolled out a couple of MS Surface Laptops within a local domain. The server is a Windows 2012 Server with AD role. The Surface laptops are part of the local...
A couple of questions about IPSec
Hello, can someone assist with the following questions please. I am reading up on IPsec and from a Windows computer (e.g. Server/Workstation) some things are unclear still. Question 1: Some of the...
Is it possible to remove a Certificate Authority or to revoke certificates...
Hi everyone! I've been assigned to a company's project to install a NEW CA in their infrastructure. I've used 'certutil -config - -ping' command to check if there was any inactive CA and found that...
Server 2013 Hacked Into
When I accessed our Server 2013 this morning someone had logged into it without permission. They had opened Mozilla Firefox browser and had opened a webpage to test the broadband speed then tried to...
Server 2012 R2 AD CS Cross-Certification
I'm looking for modern TechNet information, step-by-step guide, on setting up Cross-Certification between two CA hierarchies. The only thing I can find are references to the Server 2003 documentation...