What is the best way to manage multiple win10 devices with Windows defender +...
I heard that Microsoft has couple of tools to manage centraly Windows Defender and manage different USB devices across the the network..System Center and Intune but not sure..I basically need a product...
View ArticlePushing wild card certificate with private key through GPO
Good Evening All,We have a strange request by our client. We have to push through GPO a wild card certificate with private key to all the computer store of workstation. The certificate should not be...
View ArticleSCEP Restrict Accounts that Can Request
Guys, using NDED on Windows 2016. I wish to restrict the accounts that can request certs via SCEP/NDES that's hosted in IIS. How do I do this? Do I set the AllowUsers in the Web.config file or the like ?
View ArticleEFS certificate and expiring intermediate cert
Hello, We recently migrated all certificate templates to a new CA (root & intermediate), so EFS certificates will now be issued by this new CA. Now, in a couple of weeks, the old intermediate...
View Article"Act as part of the operating system" user right is not granted on Windows...
Hello,I'm currently working on an issue with a customer were privileges are not assigned to a given user on Server 2019.Scenario:1) We created a domain user, which is allowed to logon on the server....
View ArticleUnencrypted Remote Authentication Available - RPC
Hi, I have run an vunerbelirty scan and one outcome is this. I have done some investigatin but not come up with any solution. What to do? This RPC service allows cleartext or very weak authentication...
View Articlesvchost.exe -k RPCSS keeps locking user account
The process "svchost.exe -k RPCSS" is making multiple RPC login attempts to a remote server, multiple times per minute. It is using a user's credentials and ends up locking the user's account in AD...
View ArticleMicrosoft certificate services internal and external certs
I'm looking to move away from an external certificate service and install Microsoft Certificate Services on a 2016 OS member server in my domain.Previously the external service could create internal...
View ArticlePrivate key permissions on ADCS issued certificate
What is best practice when assigning private key permissions to service accounts that need them when the certificates are issued via a certificate template in ADCS?If I manually assign permissions to...
View ArticleSecure Score equivalent for on-prem?
Hi,Secure Score is a great tool for evaluating your Cloud security position.Is there an equivalent tool we could run on-premise?We still have a lot of on-premise components and infrastructure (and will...
View ArticleMigrating SBS 2011 Certification Authority (local) to Microsoft Windows...
Hi Support, I am looking for some help. I am Migrating SBS 2011 Certification Authority (local) to Microsoft Windows Server 2016 Standard x64 But when I choose to back up SBS 2011 Certification...
View ArticleOCSP Server Cache
We are looking at seeing up an OCSP array in our test environment but I was wondering if anyone knows how long the OCSP server will keep replying to queries without access to the CRL. Is there any...
View ArticleServer 2019 Web Enrollment "No templates found!"
Configuration:2 Tier PKI (prototype configuration, so anything can be changed)Standalone Root CA: Windows Server 2019 Core Build 17763Enterprise CA: Windows Server 2019 Core Build 17763Roles: CA, CA...
View Article2 factor authentication
I'd like to set up two factor authentication for any user with Admin access. My employer doesn't want it company wide though. Has anyone any suggestions or recommendations on what to use?
View ArticleUsing EFS encryption for only one machine in AD
Hi all, I would like to ask if I can create a specific local group policy to use the EFS encryption function foronly one machine under AD. Is this feasible? 1st Try (Failed)1) Local Group Policy Editor...
View ArticleCertificate Revocation Question
I have servers in a "closed" network, ie no access to the World Wide Web (WWW). I have server errors within the CAPI2 log that I want to resolve. I know these errors are valid because it can't reach...
View ArticleSAML - dubbed 'dupe key confusion,' - Info request
Hi,I heard about about an issue SAML authentication bypass threatens Microsoft Presented in Black Hat 2019 (August) Micro Focus security researchers demonstrated a new technique, dubbed 'dupe key...
View ArticleKB4507461 rolls back on restart (2008 SP2 x64)
I noticed recently that KB4507461 (2019-07 Security Only) showed as not installed on a particular 2008 server. Went to try and manually install and it installs but when restarting it reverts the...
View ArticleRenew certificate issued by local Certificate Authority - Closed
Hi,We have local Certificate Authority server Windows 2012 R2. There is a certificate that was issued by the CA and is expiring on August 23, 2019. How can we renew thecertificate?Thanks
View ArticleWSUS Windows Server 2016 change IP of clients
Hi We changed IP addresses for a bunch of servers but WSUS is still reporting old IP addresses for the server. The Serves (with new IP addresses) are pingable from WSUS. Thanks
View Article