NoMoePwds

What is a strong key protection in Windows?

First published on TECHNET on Jun 16, 2009 Strong key protection is one of the most misunderstood features in Windows security. In this post I will attempt to demystify it. I will also try to address some of the misconceptions about this feature that I’ve come across on the security discussion lists and while assisting […]

Populate Subject Name for Offline Templates on Renew

First published on TECHNET on Aug 21, 2009 Offline templates are certificate templates that require the subject name to be part of the certificate request. The certificate authority will use the subject name supplied in the request as the subject name of the certificate to issue. This is different from online templates where the Microsoft

Automated CA installs using VB script on Windows Server 2008 and 2008R2 [UPDATED]

First published on TECHNET on Sep 18, 2009 Starting with Windows Server 2008 the CA product team introduced a set of COM objects that can be used to control the installation of CAs. Using VBScript you can quickly automate the setup and installation of a CA. Below is a script that is being used by the

Introducing Certificate Template API

First published on TECHNET on Sep 25, 2009 WARNING: USE OF THE SAMPLE CODE PROVIDED IN THIS ARTICLE IS AT YOUR OWN RISK. Microsoft provides this sample code “as is” without warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

CA manager approval required for certificate re-enrollment

First published on TECHNET on Mar 08, 2011 Hi there, this is Larry, Developer from US, and Fabian, PFE from Germany, writing about an uncommon scenario that might raise questions sometimes. When enrolling certificates to clients or users, you might want to have control regarding the initial enrollment of the certificate in order to decide,

Setting up TPM protected certificates using a Microsoft Certificate Authority – Part 2: Virtual Smart Cards

First published on TECHNET on Jul 15, 2014 Hey Everyone, I am back with part 2 of this 3 part series on TPM protected certificates. The topics covered in this are related to Virtual Smart Cards, their benefits, and lastly their limitations. I will also cover how to create a Virtual Smart Card. Management of

Implementing LDAPS (LDAP over SSL)

First published on TECHNET on Jun 02, 2011 LDAP over SSL (LDAPS) is becoming an increasingly hot topic – perhaps it is because Event Viewer ID 1220 is catching people’s attention in the Directory Service Log or just that people are wanting the client to server LDAP communication encrypted. The quick summary of what this is all

Firewall Rules for Active Directory Certificate Services

First published on TECHNET on Jun 25, 2010 Below is a list of ports that need to be opened on Active Directory Certificate Services servers to enable HTTP and DCOM based enrollment. The information was developed by Microsoft Consultant Services during one of our customer engagements. Protocol Port From To Action Comments Kerberos 464 Certificate

AD Schema Requirements for Windows PKI features

First published on TECHNET on Dec 04, 2009 There have been a number of questions about Active Directory (AD) schema requirements for the Windows PKI features so I decided this deserves a blog post. Cheat sheet 1. Version 2 and Version 3 certificate templates require Windows Server 2003 (version 30) or later schema. It doesn’t

Cross-forest certificate enrollment white paper update

First published on TECHNET on Aug 24, 2009 We’ve just updated the Beta version of the cross-forest certificate enrollment white paper. In addition to fixing some of the bugs we had in the previous version, we’ve added sections around supporting selective authentication, enrollment web pages, and provided a script to delete PKI objects from AD.
