Friday Mail Sack: 1970’s Conversion Van Edition

Hello folks, Ned here again with another ridiculously overdue Friday Mail Sack. This week we talk about patching, admin rights, Kerberos, hiring, ADMT, and PKI. Next week we talk about… nothing. I will be out celebrating an Important Wife Birthday™ and unless Jonathan takes pity on you, there will be crickets. So bother him A… Read more

Designing and Implementing a PKI: Part III Certificate Templates

The series: Designing and Implementing a PKI: Part I Design and Planning Designing and Implementing a PKI: Part II Implementation Phases and Certificate Authority Installation Designing and Implementing a PKI: Part III Certificate Templates Designing and Implementing a PKI: Part IV Configuring SSL for Web Enrollment and Enabling Key Archival Designing and Implementing a PKI:… Read more

Enabling CEP and CES for enrolling non-domain joined computers for certificates

Hey all, Rob here again. I thought I would expand upon my last blog describing Certificate Enrollment Web Services by covering some of the different configurations that are possible. As a refresher, Certificate Enrollment Policy and Certificate Enrollment Services abstracts certificate Policy and certificate Enrollment from a specific Active Directory forest allowing clients in a… Read more

Certificate Enrollment Web Services

Hey everyone, Rob here again. With the release of Windows Server 2008 R2 and Windows 7 we have added new methods of enrolling for certificates: Certificate Enrollment Policy (CEP) and Certificate Enrollment Service (CES). CEP is a web service that enables users and computers to obtain certificate enrollment policy information. This information includes what types… Read more

Clustered Certification Authority maintenance tasks

Hi all Rob Greene here again. I thought I would share with you how to do some common tasks with a Windows Server 2008 clustered Certification Authority (CA). When the CA is clustered there are definitely different steps that need to be taken when you: Make a change to the behavior of the CA by… Read more

Troubleshooting Credential Roaming

Hi. Jim here again from Directory Services with a follow up to my Understanding Credential Roaming blog post. To review, credential roaming makes it possible to roam the user’s credentials in a manageable, secure manner that is ultimately transparent to the user. What follows is a deeper dive into the inner workings of Credential Roaming…. Read more

Windows Server 2008 R2 CAPolicy.inf Syntax

Greetings! This is Jonathan again. I was reviewing Chris’ excellent blog post series on designing and implementing a PKI when I realized that it would be helpful to better document the CAPolicy.inf file. The information in this post relies heavily on the information published in the Windows Server 2003 Help File, but this information is… Read more

Designing and Implementing a PKI: Part II Implementation Phases and Certificate Authority Installation

The series: Designing and Implementing a PKI: Part I Design and Planning Designing and Implementing a PKI: Part II Implementation Phases and Certificate Authority Installation Designing and Implementing a PKI: Part III Certificate Templates Designing and Implementing a PKI: Part IV Configuring SSL for Web Enrollment and Enabling Key Archival Designing and Implementing a PKI:… Read more

Windows 2008 R2 Standard Edition supports Version 2 and 3 Templates

Chris here again. This time I have a quick post. For those looking for reasons to either implement a PKI or potentially upgrade a PKI to Windows Server 2008 R2, the Standard Edition now supports Version 2 and 3 templates. Prior to Windows Server 2008 R2 the Certification Authority role had to be installed on… Read more