Auto Enrollment of computer/user/domain controller certs using a different...
Hi All, There is a domain joined root ca in example.com domain. All the clients that were part of the example.com were getting certs auto-issued/renewed based on the auto enrollment policy. There is...
Certutil Command Adds Unwanted Timestamp to csv
Hi all; I am using the following command to pull a list of expired certificates in powershell: <snip> $Today=Get-Date -Format yyyyMMdd $ReportDir="D:\ExpiryReports" certutil -view -restrict...
How to update user's Token, updating group membership over user-initiated VPN?
How to update user's Token, updating group membership over user-initiated VPN? The problem: Users are at Home and first they logon at their machines using cached credentials and only AFTER the login,...
Bitlocker Best practice
Dear all. We are preparing to implement Bitlocker on servers. We completed bitlocker project on user computers successfully. Now I am a bit confused how to implement bitlocker on virtual servers? we...
steps to renew root, subordinate, and issuing CA certificate authority in...
Hello Experts, We do have a PKI infrastructure in place running Windows 2008 R2, AD Forest/Domain functional level are Windows 2008 R2. All DCs, and certificates servers are Hyper-V VMs running...
Forwarded Events via Windows Event Forwarding (WEF) shows SID instead of user...
Hi gents, I'm currently working on WEF based on Jessica Payne's WEFFLES. Everything is working - I can see my collector gets the events I want from endpoints. Though one thing I noticed is that forwarded...
Enterprise PKI and AD CS cannot download/get revocation list for offline root CA
I have everything configured correctly for AIA and CDP locations, as you can see here: ..but it keeps saying "Unable To Download" and without a flag set for revocation checks to be ignored, every time I...
Use Powershell to update permissions on file server
Hi, trying to update an entire folder on my file server of "E:\MyDocuments\" from having inheritance to not but to also then convert inherited permissions into explicit permissions on the folder. Then...
Random Login issue - Username or password incorrect
I'm having a seemingly random login issue authenticating with a Windows 2012 R2 server. I'll get the error "Username or password is incorrect, try again" when I absolutely know I'm using the correct...
migrate standalone CA to two tier enterprise CA
We have Windows Server 2012 R2 Standalone CA server (domain joined) that we want to migrate to two tier enterprise CA. resultant hierarchy will be 1 x offline root CA and 2 x subordinate CA. I know we...
what is -f & -q in certreq
Good Morning, what is -f & -q in certreq? certreq -new -f -q test.inf test.req AliahMurfy
SSL Server Certificate issued by AD CS - Chrome: "This site used an outdated...
I'm used to OpenSSL but I'm getting into Active Directory Certificates and I'm trying to issue a server authentication certificate for the web server for one of our printers, but I keep getting this: It...
Smart card KSP Key archival
Hello everyone, I am trying to issue separate S/MIME certificates for encryption and signing. For the certificates used for encryption I enabled key archival, but when I try to enroll a user using a...
LAPS with Multiple Accounts
Can we set up LAPS to use 2 different local admin accounts? Let's say Admin1 for ALL member servers and Admin2 for All workstations? Thank you
Outbound rule leads to Email issue
Hi, I added Outbound firewall rule but now Email message is not sent properly but it is fine to receive anything. Which firewall rule is leading to this? Many Thanks & Best Regards, Hua Min
Renewing Enterprise domain joined Sub Certificate authority ?
When you renew the Sub CA certificate which is domain joined, does the certificate: 1. Get published automatically to directory services without need of certutil -dspublish 2. propagation on all domain...
Why is "Authenticated Users" in the local Users group by default?
This has been bugging me for as long as I can remember: By default, "Authenticated Users" is a member of the local Users group on all Windows Servers (2003/2008/2012). My colleagues, and I, agree that...
Windows Server 2016 Security
Hi All, Original thread: https://social.msdn.microsoft.com/Forums/sqlserver/en-US/55b3bbbb-5d6f-4cd6-a81b-774b4d4a535c/sql-server-2017-password-complexity-rule?forum=sqlsecurity MS SQL and Windows...
Changing Domain Password
Just wondering, I have a 2016 active directory domain. Currently the password policy is basically minimum of 6 characters, can't use last five passwords, and the other settings are pretty much the...