Workplace join SSL Certificate
Is there anyone could help me about workplace join.I followed Technet "Setting up the lab environment"http://technet.microsoft.com/en-us/library/dn280939.aspxBut I still don't understand which...
View ArticleHow to Extend Root CA Certification ?
Hi AllWe're running Enterprise CA in our organization, we faced out CA going expired by next month, it's got any step to extend it? other devices like Exchange, Radius Server need to reissue/renew...
View ArticleClik here to view.
Windows Firewall. Internet and Intranet Predefined set of computers.
HiCan you please explain what do these sets mean according to firewall? Is there a documentation?Thanks!Любовь долготерпит, ...
View ArticleDo IPSec Filters update with background Group Policy Refresh in 2008...
Background: I am migrating a secure 2003/XP environment to 2008 R2/Windows 7. I use domain based IP Security throughout the environment with an entry per device. So each time I add a device or...
View ArticleStrange CDP Location download issue
I have deployed a two tier CA on Windows 2008 R2 Enterprise:Offline Root to Subordinate Issuing CA. Copied the Root Cert and CRL files. IIS is running on the subCA server and has Directory Browsing...
View ArticlePublishing CRLs
Hi,Many guides point to publishing CRLs on web servers that are NOT the Subordinate CA's IIS. So if we use another web (IIS) server, and in the CDP and AIA point to, for...
View ArticleDuplicated Certificate Templates no longer appearing in Certificate Template...
I have an enterprise two tier CA with an offline Root and a Subordinate Issuing CA.I had a couple of duplicated templates that I created and had them issuable, however I recently went back into the CA...
View ArticleHow to Protect Webserver from different attacks
Hi All,We need your advise to protect our webserver we have webserver installed on Windows server 2008 Ent SP2, we have installed following software for protection but we are facing problem every month...
View ArticleUsage of third part CSP on Win Server 2008 R2 : CSP doesn't appear in list of...
Hi,I'm working on Windows server 2008 R2 Standard edition. I want to used a third part CSP developped by ourselves.Our CSP library is in 64bits version and located in system32 directory.I've added a...
View ArticleCA hierarchy
Hi,I´am trying to designe CA hierarchy but I need some advice. Maybe you can help me out. Let me describe the situation a bit.I need to set up PKI so that our internal domain clients can have User and...
View ArticleEnterprise Root CA can't issue more than 2-year certificate?
Hi,I face this issue on both my production and test environment.Both of them look like this:On the root domain, we have a Enterprise Root CA on Windows 2008 R2 std Domain Controller.On the production...
View ArticleStore BitLocker key in AD
Hello,I'm an admin for an Office OU, which means I have delegation rights for my OU but I'm not a domain admin.I configured a BitLocker GP which should store the key also in AD in the computer object...
View ArticleIssues accessing local HTTPS sites with no internet connection
We run a Windows 2008 R2 VM on local workstations for software demonstrations of various web applications served up via IIS (including SharePoint) which also has a valid SSL cert installed (issued from...
View ArticleIs using inf files in %windir% to configure CA settings now deprecated with...
As per Brian Komar's AD CS books I have used inf files when installing the AD CS role and then batch files for applying settings like CDP extensions. Below is an example inf I use in labs for a root CA...
View ArticleCertificate path as a user is different than the path seen on the computer.
We have a number of certificate authorities that we trust outside of our environment. The root certificates and intermediate CA certificates are propagated to all clients through the enterprise...
View Articlesmart card status: the card is being shared by another process
Hi,I plan to use Smart Card to unlock a drive that is being locked by BitLocker Drive Encryption. The certificate request content is:[NewRequest] Subject = "CN=BitLocker" KeyLength = 2048 ProviderName...
View ArticleTrusted domain deny Computer logon
Hi,My computer is joined to the domain "ABC.com"We now have a trust with the domain "XYZ.com"I want that user in my domain "ABC.com" are not allowed to logon the trusted domain when they start up their...
View ArticleRestricting access to the event logs
The system is Server 2008R2, not a member of a domain.Per DISA's STIG, I'm required to set up a separate auditors group for managing event logs. I figured it was as easy as creating a group, adding a...
View ArticleSteps to extend Self Signed EFS Certificate.
Is there any way to extend validity of the self signed EFS certificate. Is it possible to renew it either.Abhishek
View ArticleExport the CAExchange certificate out of Microsoft Strong Cryptographic...
We currently have our own Production PKI environment set up complete with HSM backend. In a nutshell, we are running into a problem where the ADCS is notifying us that it cannot use the CSP with 86 and...
View Article