LINUX Certificate Enrollment and Automated Renewal Using NDES !v2

I am periodically asked about a “version 2.0” of my post on “LINUX Certificate Enrollment and Automated Renewal Using NDES”. I continue to watch the development of CERTMONGER.  While promising, the project development hasn’t gotten to a point exactly meets needs outlined in my example scenario. Rather than do a 2.0 post for now, I…

0

Upgrading System Center Configuration Manager (SCCM) LINUX Clients

OVERVIEW Microsoft periodically releases updated Microsoft System Center Configuration Manager – Clients for Additional Operating Systems.  The update releases often do not align with the Configuration Manager server or Windows client releases.  You should periodically check the download site for the most current release. Microsoft System Center Configuration Manager – Clients for Additional Operating Systems …

0

NDES EncryptedPassword

While doing some NDES work in my lab I found that my SCEP Administrative site  http://subca.contoso.corp/certsrv/mscep_admin/  was generating a HTTP 500 error. The application event log contained the following two entries following any unsuccessful attempt to reach the SCEP admin site: Log Name:  Application Source:  Microsoft-Windows-NetworkDeviceEnrollmentService Event ID:  2 Level:  Error Description: The Network Device…

0

The Risk of Security Only Updates

This week I worked with a customer to resolve an issue where there was concern that users were having an Active Directory Kerberos authentication issue.  Users were unable to log into LINUX systems using their Active Directory credentials.  The prevailing thought was that an update had broken the system and needed to be rolled back. …

0

SCCM Client for LINUX on FIPS Enabled Systems

Many organizations in the Public Sector as well as businesses that interact with Public Sector entities are required to adhere to the U.S. Government Federal Information Processing Standard (FIPS) Publication 140 for cryptographic systems and modules.  See https://www.microsoft.com/en-us/TrustCenter/Compliance/FIPS The compliance applies to hardware, firmware and software that use cryptographic-based security systems.  Operating systems protect and…

0

Linux Secure Dynamic DNS Update with Windows DNS

Earlier this week I was asked for recommendations on how to register Linux systems in DNS. While the records could be manually entered (or scripted) as static DNS records, it would be ideal if the process were more “dynamic”. Windows clients register dynamically why not Linux. There were ideas about DHCP performing DNS registration on…

5

LINUX Certificate Enrollment and Automated Renewal Using NDES (Updated)

(APR 2018)  NDES continues to evolve (slowly) as everyone embraces the deprecation of SHA-1.  This post has been updated to reflect those changes and the impact on NDES.  Note the difference between the cryptography used in NDES / SCEP communications versus the cryptography in the certificates provided through NDES / SCEP.  For more detail on…

20

Deploying a script or package to a LINUX host with System Center Configuration Manager 2012 R2

This blog is for those rarely seen or photographed IT professionals; the mythical Windows Admins that do Linux administration or Linux admins that do Windows administration.  More importantly, the post is for the System Center Configuration Manager admin that manages LINUX! Seldom do you come across a data center that is homogeneous (one hardware platform, one OS (Windows, Linux, Mac), one…

3

Editing / Converting LINUX Scripts from a Windows System

  If you are a Windows Administrator that performs support for LINUX systems or a LINUX administrator that performs work on Windows systems, you may have stumbled into the dreaded /bin/bash^M: bad interpreter: no such file or directory. The default text editor on a Windows system is Notepad. While a fine editor for Windows text…

0