How can I query my Certification Authority database to find a certificate and...
In our environment we have thousands of Macs that enrol for device certificates using SCEP from the Apple Configurator utility which then connects to our issuing Windows 2008 R2 CA through NDES.We will...
View ArticleInbound firewall rules
I have a gateway server in my DMZ, I need to open up ports so users can hit it from the internet.I need to receive connections on ports 22, 443, and 990. So on my inbound rule on my Windows 2008...
View ArticleValidating inactive accounts in AD
We have a need to review the many hundreds of AD accounts on our domain that appear to be inactive. I've been told that while we have many accounts that are disabled or inactive that many have a good...
View ArticleAdding Password Complexity - Effect on existing passwords
We are running a Windows 2008 domain. We need to implement password complexity via group policies. How will this effect existing users? Any reference links would be great incase this change goes...
View ArticleAuditing Network Adapter Configuration Change
in Windows Server 2008 R2 Enterprise, where do I go to audit any changes made to the network adapter (new DNS server, gateway, subnet mask...).I want to know who changed what and when.Is there a way to...
View ArticlePop-up Message for Network Folder while accessing.
I am using windows server 2008 file server and I need to create on share folder with auto pop up message as custom alert information. Is there any way to create such folder with popup message.
View Articlepatch KB958869
Hi, one of our server is Windows Server 2008 R2 SP1, Im trying to patch an update KB958869 but upon checking on technet and Microsoft's download center, I only saw 1 patch for Windows Server 2008 x64...
View Articledisallow weak cipher algorithms in the SSL negotiations for IIS 7.5 and 8
Is there a fix to disallow weak cipher for II 7.5 and up? I know there is for running IIS 7.0. http://support.microsoft.com/kb/187498 and http://support.microsoft.com/kb/245030. I don't know if these...
View ArticleWMI Right on a Windows 2008 Domain Controller for a non administrator
Hi,I Have a Domain controller, and i Want to have access to the WMi Class, with a non administratorI give the right to I have no UAC, And no Firrewall blocking the traffic.I Have give the right to DCOM...
View ArticleHow to remove saving to desktop - server is not on a domain
How do I remove saving to desktop - server is not on a domain.The server has 1,400 users and I need to remove all of them from saving to the desktop. I see some examples but they use folder redirection...
View ArticleAttempting to Export Private Key fails with Ambiguous name error
I'm working throught he instructions on how to export a private key in the event someone loses their Outlook encryption keys. I'm at the point where I'm trying to export to a blob file.certutil...
View ArticleCode Signing Certificate for all admins - Best Practices?
Hi allI'm sorry if this is posted in the wrong section. I had my doubts about which section to use.We've decided that we want to change our script execution policy to AllSigned. With this in mind, I...
View Articlewhy SSTP protocol can not be used for site to site VPN in windows 2008 R2
hi alli want to know why SSTP protocol can not be used for site to site VPN in windows 2008 R2? does it have a technical reason or Limitation? i mean could it be supported in this version on windows...
View ArticleAD CS or PKI content comments or questions
You can ask technical questions about AD CS, PKI, or provide feedback about a document on this Security Forum. Please, remember to search the forum for your answer or issue before creating a new...
View Articlehow to give permisson AD user to login server
hi i have 2008 server i plant to give one AD user to login our company server but he do not has administrator rights i must give one user to login our server without admin rights.i try to give this...
View ArticleIPSec VPN between Cisco ASA and Server 2008 R2
Hi, I need a site-to-site VPN between an ASA and server 2008R2. I've done ASA-ASA ASA-other firewalls many times before but this is a bit confusing. What I usually see for Server 2008 is RRAS. I don't...
View ArticlePublish CRL on a Web Server in another domain
HiI have two domains, domain A and domain B no trust what so ever between them. Our corparate network belongs to domain A, domain B is a domain for remote users.For example we have Exchange in Domian A...
View ArticleDHCP and DNS interaction
I am playing now with DHCP and DNS, particulary with dynamic secure updates. As I understand it is used to allow only AD-authenticated users to register their DNS records. But the question is - if I...
View ArticleAIA & CDP extensions on Root CA
Hi,Busy configuring an offline Root CA, with an online AD integrated Subordinate CA to follow.On the root CA, we have left the LDAP and HTTP locations for both CDP and AIA (pointing to AD and HTTP...
View ArticleInternal Windows 2012 PKI Best Practices?
Hi,We are going to deploy an internal Windows 2012 PKI, and were wondering about the bit length Best Practices?The question is both around the overall PKI deployment, and a more specific Lync...
View Article