Installing NDES restarts CertSvc service on target CA server

During the installation of NDES, two certificate templates (“Exchange Enrollment Agent (Offline request)” and “CEP Encryption”) are added to the list of templates that the target CA is allowed to issue certificates from.The registry on the target CA server is also modified to add ‘DeviceSerialNumber’ with the OID to the SubjectTemplate’ list under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\CA name\SubjectTemplate….


The tale of the phantom cached logon entry

We’re logging on with smartcards to our laptops but we’ve recently discovered that you’re also able to perform cached logons on to the laptops using a username/password combination even if you’ve only ever logged on using smartcards! This is by design, smartcard logons generate a secondary logon that creates an additional lscache entry that contains NTLM credentials….*UNLESS*…

The end of days [for XP support]

In case you missed it – there is now less than 18 months of extended support for the venerable Windows XP platform left.  The key takeway from that statement is that there will be no security updates for XP released after April 8th 2014. In the Enterprise space it’s not uncommon to have a migration…