Re: how to backup Certificate templates

From: Paul Adare (padare_at_newsguy.com)
Date: 11/02/05

• Next message: Davy: "File Sharing and Broadband"
• Previous message: Paul Adare: "Re: how to backup Certificate templates"
• Maybe in reply to: Miha Pihler [MVP]: "Re: how to backup Certificate templates"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Wed, 2 Nov 2005 03:23:15 -0500

In article <80E88F04-0F09-4052-9EAF-4AF8133E3C7B@microsoft.com>, in the
microsoft.public.security news group, =?Utf-8?B?bGJjYmVu?=
<lbcben@discussions.microsoft.com> says...

> Hi,
>
> There's nothing wrong with my domain controller, so does it mean that by
> performing Sub CA backup using CA snap-in, is sufficient enough.

You only have one domain controller? That's not a good idea even if you
weren't using Certificate Services. You should be performing a system
state backup of your domain controller in addition to your CA backups.
See my other response for backing up the templates independently of AD.

>
> I'm confusing between using CA snap-in to backup private key AND using
> saving registry setting by exporting
> HKEY_LOCAL MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration
>
> For normal CA snap-in, I ticked Private Keys, CA Certificate Issued Log and
> Pending Requests, then I perform registry exporting.
>
> Am I doing double work?..or actually, I just use CA snap-in backup will do?

No, you're on the right track. Backing up the CA database and private
key through the MMC does not back up the CA registry entries.

You should also be performing a system state backup of your CA which
includes Certificate Services.

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/S
erverHelp/b70185ed-93aa-4346-b869-9913282086af.mspx

or

http://tinyurl.com/7az4a
 

-- 
Paul Adare
MVP - Windows - Virtual Machine
http://www.identit.ca/blogs/paul/
"The English language, complete with irony, satire, and sarcasm, has
survived for centuries without smileys. Only the new crop of modern 
computer geeks finds it impossible to detect a joke that is not clearly 
labeled as such."
Ray Shea

---

• Next message: Davy: "File Sharing and Broadband"
• Previous message: Paul Adare: "Re: how to backup Certificate templates"
• Maybe in reply to: Miha Pihler [MVP]: "Re: how to backup Certificate templates"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Active Directory Backup Setup - what good is it anyway? ... what good is a backup domain controller anyway. ... I setup a DC for my domain and then setup an additional DC on the ... Sounds like the first DC is also everyone's first DNS entry. ... (microsoft.public.windows.server.active_directory) RE: How to backup active directory ... If you are using NT Backup then all ... The System State on a domain controller ... In Active Directory Sites ... Directory (including the Exchange mappings to mailboxes,) then you simply ... (microsoft.public.windows.server.active_directory) Re: Create backup w2k domain controller ... Your comments around DNS inside W2K are appreciated. ... >file server. ... >configuration is a must and domain controller needs to be ... >and you can use ntbackup to backup data and you should do ... (microsoft.public.cert.exam.mcse) Re: Promote Additional Domain controller to Primary Domain Control ... Thanks for your advice. ... Please help me to make new Backup domain Controller in operational. ... " A global catalog cannot be located to retrieve the ... (microsoft.public.windows.server.active_directory) Re: Backup manager problem ... Backup snap-in errors. ... I have been running on SP1 Standard edition for more than one year, ... I checked the default Web site backup settings. ... (microsoft.public.windows.server.sbs)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.security  > 2005-11