Estimating NTDS.dit size increase for Credential Roaming
I found this thread about estimating the size increase in the NTDS.dit file after enabling Credential...
View ArticleISA 2006 ENT drops External traffic
<p></p><p>The ISA server 2006 drops the connection periodically, and disabling the external NIC and reenabling it fixes the problem.. When it drops the connection, to VPN and Internal...
View ArticleUnable to import a trusted root ca with user account, but computer account
Hi,All my clients in the domain can't import cert as trusted ca, but if they open mmc, manually add cert manager that manages the computer account, the cert can be imported successfully.Any thoughts?
View ArticleMystery unicode character in logs
Hi,When I got a 4616 security auditing log, there was multiple mystery <200e> unicode character (as shown in VIM) in time stamps, i.e 2013<200e>-1<200e>-10Any ideas where that come from?
View ArticleWhat is the difference between KB2728973 and KB2798897 for windows 2003?
Both the updates have same name 'rvkroots.exe'. While making an iso i can include any one of them as the name is same.Is KB2798897 latest update of KB2728973?
View ArticleHow to increase the lifetime of Enterprise Root and Subordinate certification...
Hi, I'm hoping somebody out there can help out...I have a question about extending the lifetime of certificates that can be issued by our Subordinate (Issuing) Certification Authority. I've worked...
View ArticleNeed to generate Certs that use a Signature Algorithm of SHA1 with RSA
I have a Windows 2008 R2 Certificate Root server that I am trying to issue certs for a Cisco server. When I upload the certs that are genrated with RSASSA-PSS I receive an error of "No such signature...
View ArticleIM role holders in child domains are not GCs. Why can't they get a...
I already knew clients need to be able to contact a root domain DC/GC to get a certificate, but I did not know there would be a certificate enrollment problem with child domain Infrastructure Master...
View Articledomain user rights
I am using Wnidows server 2008 as DC. In my domain users are able to access the server and all other computers without any restrictions. although write or read permissions can be set on the folders, I...
View ArticlePCI compliance Windows 2003 32bit Standard and BEAST TLS/SSL Exploit
Does this fix (disabling) PCT 1.0 prevent the BEAST TLS/SSL Exploit on Windows Server 2003 32bit Standard?on the support site: 187498?wa=wsignin1.0If not what do I need to do. I am not PCI...
View ArticleReplace root certifcate.
What is the best way to remove and replace the certificate on the Root CA? We will need to keep the same private keys but need to replace the certificate it uses to issue new ones off of.Thanks!Shawn
View Articlesome local users cannot logon to Windows 2003 / XP - "Access is denied"
Environment:All computers are in workgroup, no domain, about 250 XP professional with sp3, 250 Windows 2003 Standard servers with sp2, problems are affecting about 5% of the computers, but number...
View ArticleSecurity log flooded with 4624 & 4634 - How can I find the source of these...
I recently noticed on one of my servers the security log is flooded with 4624 and 4634 events, for type 3 logons under my domain admin account. The server in question is a low volume terminal server,...
View ArticleClik here to view.
NDES / SCEP Authentication Anomaly
Hi folks, I have built 2 NDES servers lately to serve SCEP. Server 1 enrolls to CA #1, and Server 2 enrolls to CA #2.I used the same users and settings for both installations, aside from pointing each...
View ArticleWindows 2008 Server Audit policy
Dear All,We have windows 2008 Server 64bit along with SP1. we have ADS, DNS GPO it's working fine .I would like to implement Audit policy for all my GPO client users and servers. My current environment...
View ArticleRestricted RPC dynamic ports in trust scenarios? (Do we need to restrict the...
Hi there!My situation is as follows:We have some servers running SharePoint in a resource domain "A".The clients and user accounts are in domain "B", and there is a two-way trust between domains A and...
View ArticleAuditing Passwords
Are there any free tools that can test domain passwords as part of a security audit. I know you can use tools to dump hashes, but I was after something more "live" to conduct with the administrator....
View ArticleIPSEC tunnel Server-to-Server Windows 2008 R2 problems
Hi to all ,I'm trying to implement IPSEC Tunnel between two Windows 2008 R2 Server . I have two different subnets and firewall between them Subnet 1 : 192.168.0.0/24Subnet 2 : 172.16.0.0/24There is...
View ArticleCertificate Autoenrollment Group Policy
First let me just say that yes I searched this forum for "autoenrollment" and "auto enrollment" and similar variations and found nothing relevent. Second I must admit that setting up the GPO for this...
View Articlemachines unable to bootup after gpo change
So basically I am trying to make a gpo which starts 3 services, which are required for remote management for Forescout. After deploying the gpo, tons of machines were unable to bootup. When you do...
View Article